Version Drift

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed infrastructure version-checking skill that runs user-configured local, SSH, and HTTP checks, so it is powerful but coherent with its purpose.

Install only if you intend to run configured commands against your own machines and services. Review config.yaml like code before running it, avoid direct root SSH where possible, use dedicated low-privilege SSH/API credentials, keep SSH host checking and TLS verification enabled unless you have a specific internal reason, and do not use untrusted configs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_local(cmd, timeout=30):
    """Run a shell command locally, return stdout stripped."""
    r = subprocess.run(
        ['sh', '-c', cmd], capture_output=True, text=True, timeout=timeout,
    )
    return r.stdout.strip()
Confidence
98% confidence
Finding
r = subprocess.run(['sh', '-c', cmd], capture_output=True, text=True, timeout=timeout)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    if ssh_key:
        ssh_cmd += ['-i', os.path.expanduser(ssh_key)]
    ssh_cmd += [f'{user}@{host}', cmd]
    r = subprocess.run(ssh_cmd, capture_output=True, text=True, timeout=timeout)
    return r.stdout.strip()
Confidence
94% confidence
Finding
r = subprocess.run(ssh_cmd, capture_output=True, text=True, timeout=timeout)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill silently executes local shell commands from configuration without a prominent warning or confirmation. In a version-checking tool, that hidden execution model materially increases risk because users may expect passive inspection, not arbitrary command execution on their workstation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The tool can SSH to remote hosts and run commands, but this side effect is not clearly surfaced to users before execution. Because the skill advertises version checking, undisclosed remote command execution creates a meaningful trust and safety gap.

VirusTotal

65/65 vendors flagged this skill as clean.
