Hostinger

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Hostinger management skill, but it gives an agent broad production infrastructure control without built-in safeguards for disruptive actions.

Install only if you intentionally want the agent to administer Hostinger resources. Use the least-privileged Hostinger API token available, protect and rotate the token, and require explicit human approval before running reset, restore, recreate, delete, nameserver, root-password, SSH-key, firewall, billing, or Docker deploy commands, especially when a compose file or URL comes from outside your control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill performs sensitive actions requiring file reads and network access, including reading a bearer token from disk and calling remote Hostinger APIs, but it does not declare those permissions. Undeclared capabilities reduce transparency and prevent proper policy gating, which can let the skill be invoked in contexts where users or platforms do not expect credential access or outbound administrative actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose understates the full set of privileged operations, while the implementation apparently includes credential changes, SSH key management, WHOIS access, hostname changes, and VPS reinstallation/recreation. This mismatch is dangerous because users may approve or auto-trigger the skill for routine hosting tasks without realizing it can perform identity, access, and destructive system-reprovisioning actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language is broad enough to match many generic admin requests such as deploy, publish, manage servers, or configure DNS, increasing the chance of over-invocation. In a skill that can control infrastructure, DNS, billing, and server state, loose activation criteria materially raise the risk of unintended or unauthorized administrative actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation includes high-impact operations like stopping or restarting VPS instances and restoring snapshots without prominent warnings about downtime, rollback effects, or possible data loss. In an agent setting, examples often become operational guidance, so omission of safety warnings can normalize destructive actions and increase accidental service disruption.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The snapshot restore command performs a destructive rollback of a VPS with no confirmation, dry-run, or explicit warning. In an agent skill context, this increases the chance of accidental invocation causing service interruption or data loss, especially if the tool is called programmatically from ambiguous user instructions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Resetting DNS to defaults can immediately disrupt live traffic, email delivery, and service verification records, yet the command executes without any user-facing warning or confirmation. Because this skill is meant for automated infrastructure management, accidental or prompt-injected use is more dangerous than in a purely manual admin tool.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Restoring a DNS snapshot can roll back current records and break active routing, email, and certificate validation, but the command provides no confirmation or warning. In an agent-operated CLI, lack of friction on rollback operations materially raises the risk of operational outages from mistaken inputs.

Missing User Warnings

High
Confidence
96% confidence
Finding
The VPS recreate operation is effectively an irreversible rebuild that can destroy the existing system state, yet it runs without any explicit warning, confirmation, or safeguard. Given this skill can administer production infrastructure, accidental execution could cause severe downtime and data loss.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Deleting a Docker project can stop and remove deployed services, causing immediate outages, but the command offers no warning or confirmation. In a skill designed for remote service management, this lack of safeguards makes unintended destructive actions more likely and more harmful.

Session Persistence

Medium
Category
Rogue Agent
Content
Store in `~/.config/hostinger/token` (just the token, no newline):
```bash
mkdir -p ~/.config/hostinger
echo -n "YOUR_API_TOKEN" > ~/.config/hostinger/token
chmod 600 ~/.config/hostinger/token
```
Confidence
86% confidence

VirusTotal

66/66 vendors flagged this skill as clean.
