ClawHub

Tonic System Deploy

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only deployment workflow that discusses high-impact production releases, but the behavior is disclosed, purpose-aligned, and framed around human approval and rollback controls.

Install only if you want an agent to help reason about UAT/PROD deployment workflows. Keep real deployment credentials, cron jobs, approval endpoints, and production access controlled outside the skill, and require explicit release-owner approval before any production action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| `submitted` | Both | Grey | Bug reported, awaiting review | Admin confirms/rejects |
| `confirmed` | Both | Blue | Valid bug, enters pipeline | T1 auto-process |
| `analyzing` | Both | Purple | AI analysis running (transient) | Auto → planned |
| `planned` | Both | Indigo | AI fix plan recorded | T1 auto-deploy |
| `deployed_uat` | Flow 1 | Cyan | UAT deployed, awaiting human validation | Admin approves PROD |
| `pending_prod` | Both | Yellow | Queued for PROD at next T2 | T2 auto-deploy |
| `deployed_prod` | Both | Green | PROD deployed | Flow1: done; Flow2: admin approves UAT merge |
Confidence
88% confidence
Finding
auto-deploy

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| `analyzing` | Both | Purple | AI analysis running (transient) | Auto → planned |
| `planned` | Both | Indigo | AI fix plan recorded | T1 auto-deploy |
| `deployed_uat` | Flow 1 | Cyan | UAT deployed, awaiting human validation | Admin approves PROD |
| `pending_prod` | Both | Yellow | Queued for PROD at next T2 | T2 auto-deploy |
| `deployed_prod` | Both | Green | PROD deployed | Flow1: done; Flow2: admin approves UAT merge |
| `pending_uat_merge` | Flow 2 | Purple | Queued for UAT merge at next T2 | T2 auto-merge |
| `uat_merged` | Flow 2 | Teal | UAT updated with PROD fix | Flow 2 complete ✅ |
Confidence
90% confidence
Finding
auto-deploy

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal