ClawHub

Instant DB

Security checks across malware telemetry and agentic risk

Overview

This is a coherent InstantDB admin skill, but it gives an agent broad live-database power without enough safety guidance or scoping.

Install only if you intentionally want OpenClaw to administer the selected InstantDB app. Use a test or least-privileged environment where possible, protect the admin token as a secret, and require explicit human approval before update, delete, unlink, or transaction commands touch important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description uses very broad trigger phrases such as general mentions of real-time updates, database sync, and entity operations, which can cause the skill to be invoked outside narrowly intended InstantDB contexts. Because this skill exposes admin-capable database operations, accidental invocation increases the chance of unintended reads, writes, deletes, or subscriptions against live data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README documents delete operations for live entities without any warning, confirmation requirement, or guidance about backups, staging, or production safety. In the context of an admin database skill, this materially increases the risk of operators or agents performing irreversible destructive actions on real data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to export an admin token but does not identify it as a highly sensitive secret or warn against logging, committing, or exposing it in shells and scripts. Since this token grants admin access to InstantDB, mishandling it could allow full unauthorized modification or deletion of application data.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger text is broad enough to activate on generic mentions of real-time updates, database sync, or entity operations, which could invoke a privileged admin skill outside narrowly intended InstantDB tasks. Because this skill supports create, update, delete, and linking operations using an admin token, accidental invocation increases the chance of unintended destructive or unauthorized changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation includes destructive database capabilities such as deletion and relationship changes without any user-facing warning, approval step, or safety guidance. In the context of an admin database integration, normalizing these operations without guardrails materially raises the risk of irreversible data loss or corruption from misuse, prompt injection, or accidental agent actions.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The cascade delete example demonstrates bulk irreversible removal of related records without any warning, precondition checks, or safer alternatives. In an admin-oriented InstantDB skill, this pattern could be copied directly into operational code and increase the chance of accidental mass deletion or misuse by an over-privileged agent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal