System Integrity And Backup

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate backup and integrity purpose. Its own documentation, however, conflicts on where the backup encryption key is stored, and it describes broad backup, decryption, retention, and cleanup actions without sufficiently clear operator controls.

Review this carefully before installing. Use it only in an environment where you can restrict access to the intended /data tree, keep backup decryption keys separate from backups, require explicit approval before decrypting backups or creating snapshots, and treat retention outputs as jurisdiction-specific guidance that needs human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The skill metadata and setup text state that the backup encryption key must be supplied via environment variable and never stored on disk, but the backup architecture later says the key is stored in /data/auth/backup-key.enc. For a backup/security skill, contradictory key-handling guidance is dangerous because operators may implement the less secure option, placing decryption material on the same system as the encrypted backups and undermining confidentiality.

Vague Triggers

Medium
Confidence: 89%
Finding
The integrity-check prompt is broad, imperative, and maps to high-privilege filesystem actions over /data/ without any explicit activation boundary, authorization check, or confirmation gate. In an agent environment, ordinary administrative language could accidentally trigger a full scan and reporting workflow, causing unintended access to sensitive data inventories and execution of expensive operations.

Vague Triggers

Medium
Confidence: 88%
Finding
This backup-verification prompt can be matched by common operational phrasing but initiates sensitive actions such as locating backups, attempting decryption/extraction, and writing reports. If triggered unintentionally or by an untrusted prompt source, it could expose backup metadata, exercise privileged decryption paths, or consume resources without proper operator intent.

Vague Triggers

Medium
Confidence: 91%
Finding
The event-driven snapshot request is ambiguous and tied to a business event, yet its expectations include creating a new encrypted backup artifact with indefinite retention. Ambiguous activation for a write-capable, retention-affecting workflow is dangerous because ordinary text about a completed submission could spur backup creation, data duplication, and long-term storage of client material without a clear trusted event source.

Vague Triggers

Low
Confidence: 78%
Finding
The retention-compliance prompt is broadly phrased and could be activated by routine questions, causing the skill to classify files for archival or deletion consideration across clients. Although the expectations say not to delete automatically, the operation still exposes sensitive retention judgments and file inventories, and could influence downstream destructive decisions if run in the wrong context.

Vague Triggers

Medium
Confidence: 93%
Finding
The stale-lock cleanup prompt is open-ended and closely resembles ordinary troubleshooting language, yet it authorizes inspection of process state and potential removal of lock files. Even with a stated confirmation requirement, ambiguous triggering around a cleanup workflow can disrupt active processes, create race conditions, or interfere with system integrity if mis-invoked.
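The five Vague Triggers findings above share one root cause: keyword-style activation with no explicit command boundary, no check of where the request came from, and no confirmation before a decrypt, write, or destructive step. The following is an added example, not code from the skill or from SkillSpector, of what a gate for those five workflows looks like beside the loose matching the findings describe. Workflow names, the slash-command syntax, the source labels (operator_chat, event_bus, tool_output) and the sample requests are constructed for illustration; the loose regexes stand in for whatever keyword matching the skill's prompts actually rely on.

```python
"""Trigger gating for the five workflows named in the Vague Triggers findings.

Added example, not part of the skill. Workflow names, the slash-command
syntax, the source labels and the sample requests are all constructed for
illustration; the loose patterns stand in for whatever keyword matching the
skill's prompts actually rely on.
"""
import re
from dataclasses import dataclass

# Workflows from the findings and the class of effect each one has.
WORKFLOWS = {
    "integrity_check": {"effect": "read",        "loose": r"\b(integrity|scan|verify|check)\b"},
    "backup_verify":   {"effect": "decrypt",     "loose": r"\bbackups?\b"},
    "event_snapshot":  {"effect": "write",       "loose": r"\b(submitted|submission|snapshot)\b"},
    "retention_check": {"effect": "read",        "loose": r"\b(retention|archive|archival)\b"},
    "lock_cleanup":    {"effect": "destructive", "loose": r"\b(stale|locks?|stuck|clean ?up)\b"},
}

# Which request origins may invoke each workflow (constructed policy):
# event-driven snapshots only from an event bus, everything else only from
# an operator chat; tool output is never a trusted instruction source.
ALLOWED_SOURCES = {
    "event_snapshot": {"event_bus"},
}
DEFAULT_SOURCES = {"operator_chat"}
EXPLICIT = re.compile(r"^/(" + "|".join(WORKFLOWS) + r")\b")


@dataclass
class Request:
    text: str
    source: str = "operator_chat"   # "operator_chat", "event_bus", "tool_output"
    approved: bool = False          # explicit operator confirmation already given


def loose_match(text):
    """Keyword triggering as the findings describe it: fires on ordinary admin talk."""
    return [name for name, w in WORKFLOWS.items() if re.search(w["loose"], text, re.I)]


def gated_dispatch(req):
    """Strict gate: explicit command, trusted source per workflow, approval for non-read effects."""
    m = EXPLICIT.match(req.text.strip())
    if not m:
        return {"action": "none", "reason": "no explicit command"}
    name = m.group(1)
    effect = WORKFLOWS[name]["effect"]
    if req.source not in ALLOWED_SOURCES.get(name, DEFAULT_SOURCES):
        return {"action": "refuse", "workflow": name, "reason": f"source {req.source!r} not allowed"}
    if effect != "read" and not req.approved:
        return {"action": "confirm", "workflow": name, "reason": f"{effect} effect needs operator approval"}
    return {"action": "run", "workflow": name, "effect": effect}


def demo():
    """Constructed requests: ordinary phrasing, explicit commands, and an injected instruction."""
    cases = {
        "chatter":   Request("can you check whether last night's backups are fine?"),
        "stuck":     Request("the nightly job looks stuck, something about a stale lock"),
        "event":     Request("client submission completed, take a snapshot"),
        "verify":    Request("/backup_verify /data/backups/2024-01-01.tar.enc"),
        "verify_ok": Request("/backup_verify /data/backups/2024-01-01.tar.enc", approved=True),
        "injected":  Request("/lock_cleanup --all", source="tool_output"),
        "snap_chat": Request("/event_snapshot client=acme"),
        "snap_bus":  Request("/event_snapshot client=acme", source="event_bus", approved=True),
        "scan":      Request("/integrity_check"),
    }
    return {k: {"loose": loose_match(r.text), "gated": gated_dispatch(r)["action"]}
            for k, r in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} loose={outcome['loose']} gated={outcome['gated']}")
```

Running demo() shows the gap the findings point at: "can you check whether last night's backups are fine?" matches two loose triggers and would start a decrypt-capable workflow, while the gate does nothing until an explicit command arrives from an allowed source and, for anything beyond a read, an operator has confirmed. The tool_output case is the untrusted-prompt-source scenario from the backup-verification finding.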

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
Hard-coding Greek legal retention rules without an explicit jurisdiction or locale selection can cause the skill to apply the wrong legal policy to data outside that regime. In a compliance and retention context, incorrect jurisdictional assumptions are materially risky because they may lead to under-retention, over-retention, or misleading legal guidance that affects regulated records handling.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation both contradicts itself and fails to give a clear warning about the risks of storing backup keys on disk. In a system designed to protect regulated accounting data, ambiguous secret-handling instructions can directly lead to insecure deployment, especially if backups and keys are colocated and an attacker or insider gains filesystem access.
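The Intent-Code Divergence and Missing User Warnings findings both come down to one deployment check: the key must come from the environment, nothing that looks like key material may sit under the backup tree, and the decryption or verification path must not run without explicit approval. The block below is an added example of that check, not code from the skill; it assumes a BACKUP_KEY environment variable (hypothetical name), uses the backup-key.enc file name quoted in the finding as one of the names to refuse, and uses an HMAC-SHA256 tag over the backup as a stand-in for whatever integrity or encryption format the skill actually uses.

```python
"""Pre-flight check for backup key handling, plus a gated backup verification.

Added example, not part of the skill. BACKUP_KEY is a hypothetical variable
name; the file names refused under the data tree are constructed, with
backup-key.enc taken from the finding; HMAC-SHA256 stands in for the skill's
real backup format.
"""
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

KEY_ENV = "BACKUP_KEY"                                           # hypothetical
KEY_FILE_NAMES = {"backup-key.enc", "backup-key", "backup.key"}  # constructed


class KeyHandlingError(RuntimeError):
    pass


def load_backup_key(env, data_root):
    """Return key bytes from the environment, refusing key files colocated with backups.

    The finding describes /data/auth/backup-key.enc, which would sit on the
    same filesystem as the encrypted backups; any such file fails the check.
    """
    root = Path(data_root)
    colocated = [str(p) for p in root.rglob("*") if p.is_file() and p.name in KEY_FILE_NAMES]
    if colocated:
        raise KeyHandlingError(f"key material colocated with backups: {colocated}")
    key_hex = env.get(KEY_ENV)
    if not key_hex:
        raise KeyHandlingError(f"{KEY_ENV} not set; the key must come from the environment, not disk")
    return bytes.fromhex(key_hex)


def backup_tag(key, data):
    """Integrity tag for a backup blob (stand-in for the real format)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_backup(path, key, approved=False):
    """Check a backup against its stored <name>.tag; gated behind explicit approval."""
    if not approved:
        return {"status": "approval_required", "path": str(path)}
    data = Path(path).read_bytes()
    stored = Path(str(path) + ".tag").read_text().strip()
    ok = hmac.compare_digest(backup_tag(key, data), stored)
    return {"status": "ok" if ok else "tampered", "path": str(path)}


def demo():
    """Constructed scenario: a colocated key, a clean layout, a gated check, a tampered backup."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        data = Path(d)
        (data / "backups").mkdir()
        key = os.urandom(32)
        env = {KEY_ENV: key.hex()}
        backup = data / "backups" / "2024-01-01.tar.enc"
        backup.write_bytes(b"constructed backup payload")
        (data / "backups" / "2024-01-01.tar.enc.tag").write_text(backup_tag(key, backup.read_bytes()))

        # Insecure layout from the finding: key file beside the backups.
        (data / "auth").mkdir()
        (data / "auth" / "backup-key.enc").write_bytes(key)
        try:
            load_backup_key(env, data)
            results["colocated"] = "accepted"
        except KeyHandlingError:
            results["colocated"] = "refused"
        (data / "auth" / "backup-key.enc").unlink()

        # Key present only in the environment, as the metadata requires.
        try:
            load_backup_key({}, data)
            results["no_env"] = "accepted"
        except KeyHandlingError:
            results["no_env"] = "refused"
        k = load_backup_key(env, data)
        results["ungated"] = verify_backup(backup, k)["status"]
        results["gated"] = verify_backup(backup, k, approved=True)["status"]
        backup.write_bytes(b"constructed backup payload, modified")
        results["tampered"] = verify_backup(backup, k, approved=True)["status"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

The colocation check is deliberately a hard failure rather than a warning: if both storage options remain possible, the operator who follows the architecture section instead of the metadata ends up with key and ciphertext on one disk, which is exactly the outcome the two findings warn about.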

VirusTotal

0 of 61 VirusTotal vendors flagged this skill; all 61 reported it clean. That result covers the packaged files only: the documentation, trigger, and key-handling findings above are not malware signatures, and a clean antivirus verdict does not address them.
