ClawHub

Arista Device Health

Security checks across malware telemetry and agentic risk

Overview

This is mostly a legitimate Arista switch health-check guide, but it is labeled read-only while including a configuration-changing agent restart step.

Install only if you want a diagnostic Arista EOS checklist and can ensure the agent stays in read-only mode. Do not allow the restart commands on production switches unless a qualified operator explicitly approves the change and understands the affected protocol or subsystem may be disrupted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest describes a read-only Arista EOS health check and triage procedure, but the troubleshooting section instructs the operator/agent to enter configuration mode and administratively shut/no-shut an EOS agent. That is a state-changing remediation action, not merely observation or diagnosis, and exceeds the skill's described health-check behavior.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The front matter and metadata label the skill as "read-only" and declare only SSH as required, but later documentation instructs restarting an agent via `agent [name] shutdown` and `no agent [name] shutdown` in configuration mode. This is an active contradiction between the documented safety/intent and the procedure described in the file.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This markdown file is in scope for missing user warnings. The instructions recommend restarting an EOS agent via shutdown/no shutdown, explicitly noting it is a config change, but they do not clearly warn that this can disrupt the affected subsystem or should be performed only with change approval or maintenance awareness.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal