Vefaas Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent veFaaS deployment helper, but it can make real cloud changes and handle secrets, so users should run it deliberately.

Install only if you intend to let the agent manage Volcengine veFaaS resources. Use least-privilege credentials, confirm the target app/function, region, gateway, and code package before any `--yes` deploy or push, and redact access keys, tokens, URLs, environment variables, and customer data before sharing debug logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium (92% confidence)
Finding
The skill repeatedly recommends `vefaas deploy ... --yes`, including for existing apps, which suppresses confirmation prompts for actions that immediately change remote serverless deployments. In an agent context, this increases the chance of unintended production changes, overwrites, or misdeployments without an explicit user confirmation step or warning about remote impact.

Missing User Warnings

Medium (96% confidence)
Finding
The cookbook includes plaintext example secrets and credential-bearing connection strings such as `DATABASE_URL`, `API_KEY`, and `PGPASSWORD=secret` without any warning about secure secret handling. In a deployment-focused skill, users are likely to copy these examples directly into shell history, files, screenshots, or shared repos, which can normalize insecure practices and lead to accidental credential exposure.

Missing User Warnings

Medium (92% confidence)
Finding
The cookbook includes commands that redeploy functions and modify remote environment variables without any warning, confirmation guidance, or rollback precautions. In an agent skill context, these instructions can directly change production state or overwrite sensitive configuration, increasing the chance of accidental service disruption or secret misconfiguration.

Missing User Warnings

Low (88% confidence)
Finding
The document shows examples involving credentials, API keys, database URLs, and full configuration details, but does not warn users not to expose or log secrets. In practice, users may copy real secrets into terminals, files, logs, or screenshots, which can lead to credential leakage and downstream compromise.

Missing User Warnings

Medium (92% confidence)
Finding
The cookbook uses `vefaas deploy ... --yes`, which suppresses interactive confirmation and can immediately create or modify cloud resources. In a deployment-focused skill this is operationally relevant because users may copy-paste commands verbatim, leading to unintended infrastructure creation, charges, or deployment into the wrong account or gateway without an explicit warning.

Missing User Warnings

Medium (96% confidence)
Finding
The documentation shows passing `--accessKey` and `--secretKey` directly on the command line, which can expose secrets through shell history, process listings, terminal logging, and audit tooling. In a cloud deployment skill this is especially dangerous because these credentials can grant direct access to the user's cloud environment and enable unauthorized deployments or resource compromise if leaked.

Missing User Warnings

Medium (97% confidence)
Finding
The troubleshooting guide explicitly states that debug logs contain full JSON response data and shows users how to read log files, but it does not warn that those logs may include sensitive material such as credentials, auth headers, API parameters, environment variables, project metadata, or command output. In a deployment CLI context, encouraging unrestricted collection and review of verbose logs materially increases the chance of accidental secret exposure or unsafe sharing.

Missing User Warnings

Medium (98% confidence)
Finding
The feedback section instructs users to capture stderr/stdout into `debug.log`, print the latest saved log, and collect environment details for submission, but provides no privacy or sensitivity warning. Because this skill is for deploying and managing serverless functions, the gathered artifacts can easily contain secrets, internal endpoints, account identifiers, and system details that should not be broadly shared.

VirusTotal

64/64 vendors flagged this skill as clean.
