InsForge Cli Skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent InsForge administration skill, but it gives an agent broad live-project authority and under-warns about credential, export, deployment, and auto-install risks.

Install only if you trust InsForge and intend to let an agent administer real InsForge resources. Before use, require explicit approval for raw SQL, imports, exports, secret reads, deletes, deployments, schedule changes, and any use of --yes; avoid password environment variables outside masked secret stores; review .insforge/project.json and any auto-installed .agents/skills/insforge/ content; keep exports and deployment archives out of logs, chats, and version control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation states that project creation fetches the project's API key and that the command output includes the appkey, but it provides no warning about handling this credential securely. In agent, CI/CD, or shared terminal contexts, printing or logging secrets can expose them through shell history, build logs, transcripts, or screenshots, enabling unauthorized access to the project.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation shows database export commands that write full schema and potentially full row data to disk or stdout without any warning that exports may contain sensitive information such as PII, credentials, tokens, or proprietary business data. In a CLI skill focused on project and database management, users are likely to copy these examples directly, which increases the chance of creating unsecured backups, leaking data into shell history, terminals, logs, CI artifacts, or committing exports to source control.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation states that the command zips the source directory and uploads it to a presigned URL, but it does not prominently warn users that local project contents are transmitted off-host. In a deployment CLI context, this can lead to accidental disclosure of sensitive files if exclusions are incomplete or users deploy the wrong directory.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation explicitly recommends supplying `INSFORGE_PASSWORD` via an environment variable for CI/CD without warning that environment variables may be exposed through process listings, CI job logs, crash dumps, debug output, or inherited subprocess environments. In a login workflow, this encourages insecure secret handling and can lead to credential disclosure beyond the intended process.

VirusTotal

64/64 vendors flagged this skill as clean.
