Pilot Incident Response Setup

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for incident response, but it enables high-impact automated remediation and external incident sharing without enough guardrails.

Review before installing in production. Use least-privilege accounts, inspect the downstream `pilot-*` skills, restrict what the remediator can restart, scale, or quarantine, require human approval for high-risk actions, and redact incident data before sending it to Slack, email, webhooks, PagerDuty, or Opsgenie.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium, 85% confidence
Finding
The README promotes automated remediation actions such as restarting services, scaling resources, quarantining nodes, and forwarding incident data to Slack, email, and webhooks, but it provides no safeguards, approval gates, or warning about operational and data-sharing risks. In an incident-response skill, this omission is dangerous because users may deploy destructive or privacy-impacting workflows by default, causing outages, bad remediation decisions, or leakage of sensitive incident data to external systems.

Missing User Warnings

Medium, 90% confidence
Finding
The skill instructs installation and use of an automated remediator and quarantine capability without requiring operator confirmation, scope limits, rollback guidance, or explicit warnings that these actions can disrupt services or isolate production nodes. In an incident-response context, this omission is especially risky because users may deploy it during emergencies and trigger destructive or availability-impacting actions with incomplete review.

Missing User Warnings

Medium, 87% confidence
Finding
The notifier role sends incident data to Slack, email, webhooks, PagerDuty, and Opsgenie, but the skill provides no guidance on minimizing sensitive payloads, handling regulated data, or validating external destinations. This can lead to unintended disclosure of incident details, hostnames, or forensic data to third-party systems or misconfigured endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.
