log-dive

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only log search helper, but it can expose sensitive log data through the agent when used with production credentials.

Install only where the agent is allowed to query your observability systems. Use least-privilege, read-only credentials limited to the intended indices, log groups, tenants, and environments; prefer narrow time ranges and service filters; and avoid using it on logs that must not enter the agent or LLM context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 83%
Finding:
The skill markets itself as a simple read-only natural-language log search tool, but its documented behavior includes broader discovery and live-tail capabilities and admits the agent must perform query translation itself. That mismatch can mislead users and orchestrators about what will actually run, increasing the chance of overbroad log access, unintended backend enumeration, and exposure of sensitive log data during use.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The script exposes a `health` command that calls `/_cluster/health`, which returns cluster-wide operational metadata unrelated to the advertised core function of log search. In many environments this reveals node counts, shard state, and overall platform condition that can aid reconnaissance and exceeds least-privilege expectations for a read-only log search skill.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The `indices` functionality enumerates index names and metadata via `/_cat/indices`, disclosing inventory information beyond natural-language log search. Index names often encode tenants, services, environments, or security products, so this broadens information exposure and can help an attacker map the logging estate.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The activation phrases are very broad (for example, common requests like 'check the logs' or incident-triage language), which can cause the skill to trigger in situations the user did not intend. In a network-enabled, exec-capable log access skill, unintended invocation is risky because it can initiate searches against sensitive observability backends and surface confidential operational data.

VirusTotal

66/66 vendors flagged this skill as clean.