ClawHub

Adguard

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but it has under-scoped admin access that could send credentials to an unintended AdGuard host and reads DNS query-log data during a status check.

Review before installing. Set ADGUARD_URL explicitly to your own AdGuard Home address before running any command, avoid storing ADGUARD_PASSWORD in shell startup files, and require explicit user approval before allow, block, toggle, or cache-clear actions. Be aware that status currently accesses the DNS query log even though it only prints summary statistics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill exposes a protection toggle that can disable DNS filtering for an entire AdGuard Home instance, potentially affecting all clients on the network. Because the documentation frames this as a convenience feature without a prominent warning or confirmation requirement, an unsuspecting user could disable network-wide protections and materially reduce security and privacy.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to persist an admin password in shell startup files, which can expose credentials through file disclosure, backups, dotfile syncing, shell history mistakes, or overly broad local read permissions. Since these credentials control a network security appliance, compromise could let an attacker alter filtering rules, clear cache, or disable protection.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script can disable DNS protection and clear cache immediately, with no confirmation prompt, dry-run mode, or warning about service impact. In an agent-executed context, a mistaken or injected command could silently weaken network protections or disrupt filtering for all users behind AdGuard Home.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal