Distributed Inference

Security checks across malware telemetry and agentic risk

Overview

This is a coherent distributed-inference skill, but its model pull and delete commands are administrative actions on remote nodes and should require explicit user confirmation before they run.

Install only if you trust the `ollama-herd` package and its repository. Run it on machines and networks you control, restrict access to the coordinator port, and require explicit user approval before any model pull, delete, or auto-pull action, because each can trigger large downloads, evict models, or remove local models from another host.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a distributed inference routing/scheduling layer, but it also documents remote model lifecycle mutation endpoints that can pull or delete models on other nodes. In an agent setting, this expands the effective privilege of the skill from observation/routing to state-changing fleet administration, which can trigger large downloads, evict models, disrupt service, and modify remote hosts if invoked without strong user consent and authorization.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The document says pull/delete operations require user confirmation, but the examples show direct POST requests with no visible confirmation step, approval token, or other safeguard. That mismatch is dangerous in agent workflows: an agent reading the examples may treat the endpoints as immediately callable and perform costly or destructive remote actions contrary to user intent.

VirusTotal

0/64 vendors flagged this skill as malicious (all 64 returned no detection).
