Agent Settings Manager

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate configuration-management skill, but it needs review because it covers secrets and production config changes without adequate safety boundaries.

Install only for deliberate configuration-management work. Before following its command examples, inspect the actual config.js tool, use least-privilege credentials, require explicit approval for production or secret changes, prefer dry-runs, redact secret values from outputs, and avoid watch/auto-reload unless it is monitored and easy to stop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 94% confidence

Finding
The skill metadata uses broad, generic trigger terms such as configuration, env variables, and config validation, which are likely to match many benign user requests and cause unintended invocation. Because this skill includes actions affecting environment configs, sync, rollback, and secret handling, accidental activation could lead an agent to surface or modify sensitive configuration workflows in the wrong context.

Missing User Warnings

Medium, 91% confidence

Finding
The skill advertises impactful operations on secrets and production configurations, including secret rotation, environment promotion, rollback, and syncing from repositories, but does not include safety boundaries, authorization checks, confirmation requirements, or warnings for destructive or sensitive actions. In an agent setting, this increases the chance that a user request or prompt injection could cause disclosure, unauthorized modification, or destabilization of production systems.

VirusTotal

65/65 vendors flagged this skill as clean.