ClawHub

Domain Dns Ops

Security checks across malware telemetry and agentic risk

Overview

This is a focused DNS operations skill that openly routes the agent to a local manager repository and Cloudflare/registrar tools, with high-impact but purpose-aligned domain-management actions.

Install this only if you are Peter or intentionally use the same ~/Projects/manager workflow. Before running it, confirm the exact domain, registrar, Cloudflare zone, redirect target, token permissions, and rollback plan. Treat nameserver flips, redirects, and disabling bot protections as live-production changes requiring explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill provides operational steps for creating Cloudflare zones, changing registrar nameservers, and configuring redirects without requiring an explicit user confirmation or warning about outage and takeover risks. In this context, a mistaken or unauthorized execution could immediately reroute a domain, break DNS/HTTPS, or redirect traffic to the wrong destination, making the omission security-relevant rather than merely procedural.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs operators how to disable Cloudflare's 'Block AI bots' control without any warning about the resulting reduction in bot-abuse protections and possible privacy/content-scraping implications. Because this is presented as a routine common operation, an agent could weaken protections without surfacing the security tradeoff to the user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal