ClawHub

pager-triage

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PagerDuty triage skill with sensitive but disclosed access, and the scanner concerns do not show hidden or malicious behavior.

Install only in workspaces where PagerDuty incident and on-call data may be shown to the agent. Prefer a read-only or team-scoped PagerDuty key unless the agent truly needs to acknowledge, resolve, or note incidents, and review the exact incident before allowing any --confirm write action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The failover plan authorizes execution of a local `pd` CLI if API access fails, adding an unnecessary subprocess execution path that is outside the core HTTP-based design. This increases attack surface because local CLI behavior depends on host PATH, local configuration, plugins, and ambient credentials, which can lead to unintended command execution or privilege use on the agent host.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation rules are broad enough that normal conversation about outages, health, or incidents could trigger the skill without a clear PagerDuty-specific intent. In an agentic environment, over-broad activation can cause unnecessary access to sensitive operational data such as active incidents, on-call identities, internal service names, and incident history.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger guidance uses broad natural-language phrases like 'what's wrong?' or 'what's firing?', which can cause the skill to activate in ambiguous contexts and pull incident data when the user did not intend to access PagerDuty. In enterprise environments, accidental invocation can expose sensitive operational details such as incident titles, assignees, schedules, and service health to the wrong conversation context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal