Security Auditor Tk

Security checks across malware telemetry and agentic risk

Overview

This is a coherent security-auditing skill, but it promotes copy-paste system hardening commands that can lock users out or disrupt services without enough safety guidance.

Install only if you want help auditing systems you own or are authorized to test. Treat all generated commands as examples, not safe one-step fixes: review them manually, back up configs, confirm console or recovery access before SSH or firewall changes, test in staging when possible, and store audit reports securely because they may contain sensitive infrastructure details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly promises 'copy-paste fix commands' for security findings but does not warn users that these commands may alter firewall rules, SSH settings, permissions, or services and could cause outages or lockouts. In a security-auditing skill, users are especially likely to trust and run remediation commands directly, which increases the chance of unsafe changes being applied without review or backup.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly promises 'fix commands' and references copy-paste remediation guidance, but it does not instruct the user to review commands before execution, back up configuration, or validate environment-specific impacts. In a security-audit context, exact commands can change SSH, firewall, permissions, or TLS settings and may lock out administrators or weaken systems if applied blindly to the wrong host.

Missing User Warnings

Medium
Confidence: 90%
Finding
The usage examples encourage full server, web, and cloud audits without warning that the process may expose sensitive hostnames, user accounts, firewall rules, IAM details, certificates, and configuration data to the agent or report output. Because security audits inherently traverse sensitive infrastructure state, the absence of data-handling cautions increases the chance of over-collection, accidental disclosure, or unsafe sharing of audit results.

Missing User Warnings

Medium
Confidence: 97%
Finding
The SSH hardening commands directly modify sshd configuration and restart the service, but the document does not warn operators about validating access method compatibility first. Disabling root login, password authentication, or changing the SSH port can lock out remote administrators if key-based access, alternate accounts, firewall rules, or out-of-band access are not already in place.

Missing User Warnings

Medium
Confidence: 98%
Finding
Enabling UFW with default-deny incoming rules can immediately block remote management if required allow rules are incomplete or mismatched to the actual environment. Although the snippet allows `ssh`, `http`, and `https`, it does not warn users to confirm the correct SSH port, cloud security groups, or console access before enabling the firewall.

Missing User Warnings

Medium
Confidence: 93%
Finding
The hardening examples change mount and kernel behavior in ways that may break applications, startup behavior, diagnostics, or software relying on execution in `/tmp` or specific sysctl values. Presenting these commands without compatibility, rollback, and persistence guidance can cause service disruption or hard-to-diagnose operational failures.

VirusTotal

66/66 vendors flagged this skill as clean.
