Soc Deploy Thehive

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it handles powerful TheHive and Cortex administrator credentials too loosely for a security platform deployment.

Install only on a trusted lab or tightly controlled host. Use a strong, unique password; restrict ports 9000 and 9001 with a firewall, VPN, or TLS; delete or lock down ~/thehive-cortex/api-keys.txt after storing the secrets securely; rotate keys if they appear in logs or transcripts; and prefer the Cortex org-admin key over the superadmin key for routine MCP use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly performs shell-capable actions over SSH/SCP and Docker, yet no explicit permissions model is declared. That mismatch can lead users or orchestration systems to invoke a skill with infrastructure-modifying behavior without adequate trust gating, review, or consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states the skill automates admin password changes, account creation, and API key generation, but provides no warning about how those secrets are handled, stored, displayed, or protected. In a deployment automation skill for a SOC platform, this omission is security-relevant because operators may unintentionally expose highly privileged credentials in logs, terminal output, transcripts, or downstream tooling.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough that the skill could be selected for vague requests like 'deploy thehive' or 'thehive lab' without forcing confirmation of target host, environment, or whether destructive changes are intended. In a skill-routing system, overly broad activation increases the chance of unintended remote deployment actions on the wrong host.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill states that credentials and API keys will be written to disk, but it does not prominently warn the user about the sensitivity of those secrets or the risk of local disclosure. Writing long-lived admin credentials to a predictable file path on the remote host increases exposure through shell history, backups, shared accounts, or later compromise of that host.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to renew and handle API keys that are returned in plain text, but it provides no warning about treating those values as secrets or avoiding exposure in terminal output, logs, or pasted transcripts. In a deployment/automation skill for security tooling, this omission can lead to credential leakage and subsequent unauthorized API access to TheHive or Cortex.

Missing User Warnings

High
Confidence
98% confidence
Finding
The file documents an unauthenticated bootstrap endpoint that creates a superadmin user and uses default-style example credentials without prominently warning that this must only be reachable during initial setup. If exposed on a network-accessible host before first-user creation, an attacker could race to create the first privileged account and fully compromise the Cortex instance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The authentication examples include inline passwords and session-cookie handling over plain HTTP, but omit warnings about secret exposure in shell history, process listings, terminal logs, and network transit. Because this skill deploys an incident-response platform, compromised admin credentials or sessions could directly expose cases, alerts, and analyzer integrations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document explicitly recommends using a Bearer API key to avoid Cortex's CSRF protections, but does not warn that this shifts security entirely to possession of a long-lived credential. In a deployment automation skill that creates accounts and keys automatically, normalizing CSRF bypass via API keys can encourage insecure storage, logging, or overbroad reuse of privileged tokens, increasing the chance of account compromise.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script writes plaintext administrator passwords and long-lived API keys for both TheHive and Cortex to api-keys.txt without prompting the user, restricting file permissions, or using a secure secret store. On multi-user systems, in backups, in shell-history-adjacent workflows, or during later artifact collection, this can expose full administrative access to the incident response platform.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script injects the generated Cortex API key directly into docker-compose.yml, permanently embedding a live secret into a configuration file that is likely to be copied, backed up, committed, or shared during troubleshooting. This expands secret exposure beyond runtime memory and makes credential leakage more likely over the system's lifecycle.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill both stores generated credentials/API keys in a file and prints them back in output, creating two separate disclosure channels for highly privileged secrets. Because these include TheHive and Cortex admin credentials and API keys, exposure could allow full administrative takeover of the incident response platform.

VirusTotal

VirusTotal findings are pending for this skill version.
