CI/CD Workflow Skill

Security checks across malware telemetry and agentic risk

Overview

This CI/CD helper is mostly transparent, but one generated Docker setup path gives unsafe remote host-control advice that users should review before using.

Review before installing or applying the generated guide. Do not expose Docker on 0.0.0.0:2376 as written; prefer SSH-based Docker control or require mutual TLS and network allowlisting. Store registry credentials, kubeconfig files, SSH keys, and webhook URLs only in protected CI secrets, restrict deployment jobs to protected branches/environments, and limit what build metadata is sent to chat webhooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The guide instructs users to create and handle deployment secrets such as SSH keys, registry credentials, kubeconfig files, and webhook URLs, but provides no warning about secret protection, least privilege, rotation, masking, or avoiding disclosure in logs and documentation. In a CI/CD context, these credentials can grant broad access to infrastructure, so normalizing unsafe handling increases the chance of credential leakage and downstream compromise.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The generated SSH deployment instructions tell users to grant passwordless sudo for service management and perform privileged system modifications without discussing the privilege-escalation risk. In a deployment guide, this can lead operators to create overly broad trust relationships between Jenkins, the deploy user, and production hosts, making host takeover easier if the CI server or deploy account is compromised.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The Docker setup section shows how to bind the Docker daemon to tcp://0.0.0.0:2376 without any mention of TLS, firewall restrictions, or the fact that remote Docker API access is effectively root-equivalent on the host. Exposing Docker remotely in this manner can allow an attacker who reaches the port to create privileged containers, mount the filesystem, and fully compromise the server.

VirusTotal

63/63 vendors flagged this skill as clean.