TK Security Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a text-only security auditing skill with visible, purpose-aligned hardening advice, but its copy-paste commands need careful review before use on live systems.

Installation is reasonable for authorized security review. Before using it, set a clear scope, only scan systems you own or have permission to test, and do not blindly paste fix commands into production. Review backups, rollback steps, maintenance windows, and alternate access before changing SSH or firewall settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The SSH hardening commands modify authentication and access settings in place and immediately restart sshd, but they do not warn users about the risk of locking themselves out of remote systems. In a security-auditor skill, operators may copy-paste these fixes directly onto production hosts, so omission of sequencing guidance and rollback precautions creates a realistic availability risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
Enabling UFW with default deny and then activating it can interrupt current connectivity if required management ports or environment-specific services are not allowed first. Because this file is positioned as actionable fix guidance, the lack of a user-facing warning can cause self-inflicted denial of service on servers.

Missing User Warnings

Low
Confidence: 89%
Finding
The mount and kernel hardening examples can break applications or alter system behavior, and the documentation does not explain compatibility, persistence, or recovery implications. While these are legitimate hardening steps, presenting them without cautions can lead to service failures or unintended operational impact.

VirusTotal

66/66 vendors flagged this skill as clean.
