agentic-devops

Security checks across malware telemetry and agentic risk

Overview

This is a broad but coherent local DevOps diagnostics skill: it is expected to read logs, list processes, query Docker, enumerate listening ports, and make HTTP requests to user-specified health-check URLs.

Install it only if you want an agent to perform local DevOps diagnostics. Use it only on systems you are authorized to inspect, review target log paths and URLs before running commands, and avoid sharing raw output from production hosts: logs, process lists, Docker metadata, and health-check responses may contain secrets or other sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

def run(cmd, timeout=15, shell=True):
    """Run a shell command and return (returncode, stdout, stderr)."""
    try:
        # shell=True is what the finding flags: cmd is handed to /bin/sh as a string
        result = subprocess.run(
            cmd, shell=shell, capture_output=True, text=True, timeout=timeout
        )
        return result.returncode, result.stdout.strip(), result.stderr.strip()
    except subprocess.TimeoutExpired:
        # The report excerpt ends before the except clause; this handler is assumed
        return -1, "", f"timed out after {timeout}s"
Confidence
95% confidence
Finding
result = subprocess.run( cmd, shell=shell, capture_output=True, text=True, timeout=timeout )
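The finding above is about shell=True: the whole command string is parsed by /bin/sh, so any log path, container name or URL that an agent interpolates into cmd can append its own commands with a semicolon or backticks. The following is an added example, not the skill's own code, showing the hardened form: the command is passed as an argument list with shell=False, so untrusted values stay single argv elements. The helper names (run_argv, build_log_tail, compare) are assumptions for illustration.

```python
import shlex
import subprocess


def run_argv(argv, timeout=15):
    """Run a command without a shell; return (returncode, stdout, stderr).

    argv may be a list, or a string that is tokenised once with shlex so
    that shell metacharacters in it stay literal.
    """
    if isinstance(argv, str):
        argv = shlex.split(argv)
    try:
        result = subprocess.run(
            argv, shell=False, capture_output=True, text=True, timeout=timeout
        )
        return result.returncode, result.stdout.strip(), result.stderr.strip()
    except subprocess.TimeoutExpired:
        return -1, "", f"timed out after {timeout}s"
    except FileNotFoundError as exc:
        # With shell=False a missing binary surfaces here instead of as sh's exit 127
        return -1, "", str(exc)


def build_log_tail(path, lines=5):
    """Argument list for tail; the (possibly attacker-influenced) path is one element."""
    return ["tail", "-n", str(lines), path]


def compare(value):
    """Return (shell_stdout, argv_stdout) for the same untrusted value.

    Constructed demonstration: with shell=True the semicolon in value starts
    a second command; with an argv list it is just part of one argument.
    """
    shell_out = subprocess.run(
        "echo " + value, shell=True, capture_output=True, text=True
    ).stdout.strip()
    _, argv_out, _ = run_argv(["echo", value])
    return shell_out, argv_out


if __name__ == "__main__":
    print(compare("hello; echo INJECTED"))
    print(build_log_tail("/var/log/syslog; rm -rf /"))
```

compare("hello; echo INJECTED") returns two lines of output from the shell form and the literal string from the argv form, which is the difference the scanner is pointing at. Where the skill genuinely needs pipes (for example ss | grep), keep the fixed pipeline in the code and pass only the variable parts as argv elements.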

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill is explicitly user-invocable and documents capabilities that read files and logs, access network endpoints, inspect environment-dependent system state, and invoke shell-adjacent system tooling such as Docker, ps, and ss/netstat, yet it declares no permissions or trust boundaries. This creates a real security issue because callers and platform policy engines have no machine-readable way to constrain or warn about sensitive host introspection and network actions, increasing the risk of unintended data exposure or overbroad execution on production systems.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README advertises log inspection, port scanning, and HTTP health checks without warning users that these actions may access sensitive local data or generate outbound network requests. In a DevOps-focused skill, these behaviors are expected, but the lack of disclosure can still lead to accidental exposure of secrets in logs or unintended requests to internal and external systems.
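Both the overview's advice not to share raw output from production hosts and this finding's concern about secrets in logs come down to the same control: scrub collected text before it reaches chat output or a ticket. The following is an added example, not the skill's own code, of a small redaction pass over constructed log lines. The patterns (credential-looking KEY=value pairs, Authorization headers, AWS access key IDs, credentials embedded in connection URLs) are a starting set, not a complete inventory of what a real host can leak.

```python
import re

# Constructed patterns for common secret shapes; extend for your environment.
SECRET_PATTERNS = [
    # KEY=value where the key name suggests a credential (env dumps, .env files)
    (re.compile(r"(?i)\b([A-Z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|ACCESS_KEY)[A-Z0-9_]*)=(\S+)"),
     r"\1=[REDACTED]"),
    # Bearer/Basic Authorization headers copied into request logs
    (re.compile(r"(?i)(authorization:\s*(?:bearer|basic)\s+)\S+"), r"\1[REDACTED]"),
    # AWS access key IDs
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED-AWS-KEY]"),
    # user:password@ inside connection URLs
    (re.compile(r"(\w+://[^:/\s]+:)[^@\s]+@"), r"\1[REDACTED]@"),
]

# Constructed sample log lines (not from any real host).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z app[123]: starting with DB_PASSWORD=hunter2 LOG_LEVEL=info
2024-05-01T10:00:02Z nginx: GET /api Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def
2024-05-01T10:00:03Z worker: using AWS key AKIAIOSFODNN7EXAMPLE
2024-05-01T10:00:04Z app[123]: DATABASE_URL=postgres://svc:s3cr3t@db.internal:5432/app
"""


def redact(text):
    """Return text with matches of SECRET_PATTERNS replaced by placeholders."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def redact_lines(text):
    """Redact line by line; handy when tailing a file incrementally."""
    return [redact(line) for line in text.splitlines()]


if __name__ == "__main__":
    for line in redact_lines(SAMPLE_LOG):
        print(line)
```

Run the collector output through redact before it is returned to the agent, not after, so the unredacted text never enters the conversation transcript. Regex redaction is a safety net rather than a guarantee: secrets in unfamiliar formats pass through, which is why the overview still tells you not to share production output at all.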

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When no subcommand is provided, the tool automatically runs `diag`, which reads host metadata, probes localhost ports, enumerates Docker state, inspects processes, and reads common log files. In an agent context, this default behavior can expose sensitive operational data without an explicit opt-in, making accidental data disclosure more likely.
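The fix for an implicit default is structural: make the subcommand required and put each sensitive collector behind an explicit flag, so an agent that runs the tool with no arguments gets a usage error instead of a full host sweep. The following is an added example, not the skill's own code; the subcommand and flag names (diag, health, --include-logs and so on) are assumptions for illustration.

```python
import argparse


def build_parser():
    """Parser with no default action: a missing subcommand is a usage error."""
    parser = argparse.ArgumentParser(prog="agentic-devops")
    sub = parser.add_subparsers(dest="command", required=True)

    diag = sub.add_parser("diag", help="host diagnostics; collectors are opt-in")
    diag.add_argument("--include-logs", action="store_true",
                      help="also read common log files")
    diag.add_argument("--include-docker", action="store_true",
                      help="also enumerate Docker state")
    diag.add_argument("--include-processes", action="store_true",
                      help="also list processes")

    health = sub.add_parser("health", help="HTTP health check of one URL")
    health.add_argument("url")
    return parser


def parse_or_none(argv):
    """Parse argv; return None instead of exiting when usage is wrong."""
    try:
        return build_parser().parse_args(argv)
    except SystemExit:
        return None


def selected_collectors(ns):
    """Names of the collectors the caller explicitly opted into."""
    return [name for name in ("logs", "docker", "processes")
            if getattr(ns, f"include_{name}", False)]


if __name__ == "__main__":
    print(parse_or_none([]))                                  # usage error -> None
    print(selected_collectors(parse_or_none(["diag", "--include-logs"])))
```

With this shape, the agent's tool call has to name what it wants, and that call is then visible in the transcript as the opt-in the finding asks for.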

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The health-check feature performs outbound HTTP requests to arbitrary user-supplied URLs and prints part of the response body. In an agent or privileged runtime, this can enable SSRF-style access to internal services or metadata endpoints and can leak sensitive response content into logs or chat output.
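A health checker that fetches any URL it is given is a server-side request forgery primitive: from inside a cloud VM it can read the instance metadata service at 169.254.169.254, and from a privileged runtime it can reach internal admin interfaces. The following is an added example, not the skill's own code, of the target check a practitioner would put in front of the fetch: parse the URL, resolve the host, classify every resulting address, always refuse link-local targets, and allow private ranges only on explicit opt-in. Function names and the default policy are assumptions for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Classes that no policy may enable.
ALWAYS_DENY = frozenset({"link-local", "bad-scheme", "unresolvable", "other"})
# Default for a local diagnostics tool: loopback and public targets only.
DEFAULT_ALLOW = frozenset({"loopback", "public"})


def classify_address(ip):
    """Map one IP string to a coarse class; order matters (127/8 is also 'private')."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:          # includes 169.254.169.254 (cloud metadata)
        return "link-local"
    if addr.is_private:             # RFC 1918, fc00::/7, ...
        return "private"
    if addr.is_global:
        return "public"
    return "other"                  # unspecified, multicast, reserved


def classify_url(url):
    """Classify the URL's target by resolving its host; worst class wins."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "bad-scheme"
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        infos = socket.getaddrinfo(parts.hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return "unresolvable"
    classes = {classify_address(info[4][0]) for info in infos}
    # A name resolving to several addresses takes its most restrictive class.
    for cls in ("link-local", "other", "loopback", "private", "public"):
        if cls in classes:
            return cls
    return "unresolvable"


def is_allowed(url, allow=DEFAULT_ALLOW):
    """True only if the target class is permitted by policy and not always-denied."""
    cls = classify_url(url)
    return cls not in ALWAYS_DENY and cls in allow


if __name__ == "__main__":
    for u in ("http://127.0.0.1:8080/healthz",
              "http://169.254.169.254/latest/meta-data/",
              "http://10.0.0.5/health"):
        print(u, classify_url(u), is_allowed(u))
```

Two caveats apply when wiring this in. First, the check resolves the name at decision time; a name that later resolves elsewhere (DNS rebinding) bypasses it, so connect to the address you classified rather than re-resolving, or re-check in the connection hook. Second, HTTP clients follow redirects by default, so either disable redirects for health checks or run is_allowed on every hop. Truncate the response body before printing it as well; the finding's second point is that response content itself ends up in chat output.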

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal