Incident Fupan (事故复盘) — Structured Root Cause Analysis

Security checks across malware telemetry and agentic risk

Overview

This incident-review skill is useful and mostly coherent, but it can persist sensitive incident lessons and alter future agent behavior without clear user approval or limits.

Install only if you are comfortable with the agent inspecting incident logs, repository history, service status, configs, and related data. Before using it, require explicit approval for any long-term memory entry or edits to AGENTS.md, TOOLS.md, or skill files, and redact secrets, customer data, internal topology, and sensitive operational details from saved reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The instruction to update AGENTS.md, TOOLS.md, or other skills expands the skill from incident analysis into changing broader agent governance and behavior. Even if framed as prevention, this creates a pathway for an incident narrative or user-provided content to influence persistent control files without a separate authorization boundary, enabling policy drift or prompt-injection-style persistence.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Storing 'key lessons' to long-term memory is not necessary to generate a postmortem and introduces persistence of potentially sensitive incident details beyond the immediate task. In incident contexts, that memory may capture credentials, internal topology, failure modes, or confidential business impact, and later resurface in unrelated contexts.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs writing full incident reports to a fixed local directory under the home folder without warning that postmortems often contain sensitive logs, service names, business impact, and security-relevant failure details. Persisting such data by default increases exposure through local compromise, backup sync, multi-user systems, or accidental later disclosure.

Missing User Warnings

High
Confidence: 97%
Finding
The skill combines persistence to long-term memory with no privacy, retention, or sensitivity controls, which is especially risky for incident-response content. Postmortems can include detailed operational weaknesses, customer impact, authentication failures, and confidential data; storing those lessons indefinitely creates a durable exfiltration and privacy risk disproportionate to the skill's purpose.

VirusTotal

65/65 vendors flagged this skill as clean.
