Agent Dashboard

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate dashboard tool, but its web-hosted tiers can publicly expose operational status, or let others change it, despite the privacy and PIN-protection framing.

Use Tier 1 for local-only viewing. For Tier 2 or Tier 3, assume dashboard data may be public or tamperable unless you change the hosting and database access controls; do not put sensitive task names, internal URLs, secrets, customer data, or meaningful error details in the dashboard, and disable the cron when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
This SQL creates RLS policies that allow the anonymous role to SELECT, INSERT, and UPDATE any row in the dashboard_state table with no authentication or row restriction. That means anyone who obtains the public project URL and anon key, or can reach the exposed client, can read operational metadata and tamper with dashboard contents, which contradicts the "PIN-protected" framing because the database itself is publicly writable.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The comments materially understate the exposure by claiming the worst case is a simple overwrite, while the actual policies permit unrestricted public reads, inserts, and updates for all rows in this table. Misleading security claims increase the chance that operators deploy the setup believing it is safely PIN-protected when the underlying data plane is open to anyone with anonymous access.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The customization example inserts `item.name` into `innerHTML` without escaping or sanitization. If `customData` can contain attacker-controlled or untrusted content, this enables DOM-based XSS in the dashboard, which is especially relevant because this skill is a browser-rendered monitoring UI that may display operational data from external files or feeds.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding:
The guide recommends loading Chart.js from a third-party CDN but provides no warning about supply-chain, privacy, or integrity risks. Pulling scripts from external origins can expose users to script tampering, tracking, or unexpected network dependencies, which conflicts with the skill's broader positioning around keeping data local.

VirusTotal

64/64 vendors flagged this skill as clean.