WORKSTATION.md - Your Agent's Own Linux Server

Security checks across malware telemetry and agentic risk

Overview

This skill is for creating public root-access Linux servers, but it gives an agent broad setup authority before clear user confirmation.

Install only if you want an agent to create and control a public Linux server for you. Confirm the CLI package, workstation name, SSH key choice, and public deployment before use; prefer a dedicated throwaway SSH key, avoid serving private files or secrets, and destroy the workstation when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs an agent to provision an internet-reachable Linux server with full root access and a public URL, but it does not present this as a high-risk action requiring explicit user awareness and consent. In an agent context, this can lead to unintended exposure of services, remote administration surfaces, and deployment of code to a publicly accessible host without the user understanding the security implications.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to read the user's local SSH public key and transmit it to an external service without clearly disclosing that this local credential material is being accessed and shared. Although a public key is not secret like a private key, it is still user-associated identity data and its use with remote infrastructure should be explicitly disclosed so the user can make an informed decision.

VirusTotal

64/64 vendors flagged this skill as clean.