Redis Skill - High-Performance Cache Management

Security checks across malware telemetry and agentic risk

Overview

This is a Redis command-helper skill whose database-changing examples are expected for its purpose, but users should review commands before using them on real Redis systems.

Install this only if you want help generating Redis commands. Before running any generated command against production, confirm the host, database, key pattern, and impact, and be especially careful with delete, CONFIG, EVAL, and log-reset commands. Keep real Redis passwords out of chat where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description says it should be used whenever the user mentions Redis, caching, message queues, or session storage, which is broad enough to trigger on general discussion rather than a clear request to execute Redis operations. Over-broad activation can route benign conversational context into an operational skill that generates or encourages state-changing commands, increasing the chance of unintended destructive or sensitive actions.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documentation includes a destructive Redis deletion command by score range without an adjacent warning about permanent data loss or scope verification. In a skill designed to help users generate Redis commands, this makes it easier for a casual or ambiguous request to translate into irreversible deletion of application data such as leaderboard entries or other sorted-set records.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented SLOWLOG RESET command irreversibly clears Redis diagnostic history without warning the user that forensic and troubleshooting data will be lost. In this skill context, users may copy commands directly into production environments, so omitting a warning increases the risk of destroying operational evidence needed for incident response or performance analysis.

VirusTotal

65/65 vendors flagged this skill as clean.
