ClawHub

Telnyx Network

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do its stated networking job, but it needs Review because it gives an agent lasting privileged control over WireGuard and can expose local services to the internet.

Install only if you trust this skill and your agent to manage local networking and Telnyx resources. Avoid setup-sudoers unless unattended WireGuard control is truly needed; if used, remove the exact /etc/sudoers.d/wireguard-<user> file when finished. Use a scoped Telnyx API key, do not expose unauthenticated services, protect generated wg-*.conf files as secrets, and avoid running the scripts from directories containing untrusted .env files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises shell, file read, and file write capabilities but does not declare permissions or prominently communicate that level of access. In a networking skill that also changes local system configuration, this lack of permission transparency weakens user consent and makes risky operations easier to trigger without informed review.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose emphasizes private mesh networking and exposure features, but the skill also introduces materially different behaviors: modifying sudoers for passwordless privileged execution and maintaining a node registry in Telnyx storage. Those behaviors expand trust boundaries and persistence/discovery capabilities beyond what a user may reasonably expect from the summary alone.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to install a sudoers rule enabling passwordless execution of WireGuard commands, but it does not clearly warn that this grants the agent recurring privileged network-control capability. Even if scoped to wg/wg-quick, that access can alter routing, interfaces, and connectivity in ways that affect host security and availability.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The public exposure workflow documents how to obtain a public IP and expose ports without an explicit warning that this can publish local services to the internet. In context, this is especially risky because the feature is meant to be agent-driven and could unintentionally expose sensitive internal services or weakly secured apps.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script unconditionally overwrites config.json using shell redirection, which can destroy prior configuration without warning or confirmation. In an agent skill context, silent replacement of local state can cause accidental misconfiguration, loss of previous network metadata, or follow-on mistakes when later commands rely on the overwritten file.

Credential Access

High
Category
Privilege Escalation
Content
# Check API key
if [ -z "$TELNYX_API_KEY" ]; then
    # Try .env file
    if [ -f "$SCRIPT_DIR/.env" ]; then
        source "$SCRIPT_DIR/.env"
    fi
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Check API key
if [ -z "$TELNYX_API_KEY" ]; then
    # Try .env file
    if [ -f "$SCRIPT_DIR/.env" ]; then
        source "$SCRIPT_DIR/.env"
    fi
fi
Confidence
97% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
if [ -z "$TELNYX_API_KEY" ]; then
    # Try .env file
    if [ -f "$SCRIPT_DIR/.env" ]; then
        source "$SCRIPT_DIR/.env"
    fi
fi
Confidence
97% confidence
Finding
.env"

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**What it does:**
- Adds `/etc/sudoers.d/wireguard-<username>`
- Only allows `wg` and `wg-quick` commands (not blanket sudo)
- Can be removed anytime: `sudo rm /etc/sudoers.d/wireguard-*`

**Without this setup**, the agent can still create networks and generate configs, but you'll need to manually run `sudo wg-quick up <config>` to connect.
Confidence
78% confidence
Finding
rm /etc/sudoers.d/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal