SRE Engineer

Security checks across malware telemetry and agentic risk

Overview

This SRE skill is coherent and not deceptive, but its examples include live production-impacting automation and chaos commands with weak safety controls.

Install only if you want an SRE reference that can produce operational automation. Before using any generated script or copied example, require human review, dry-run defaults, staging validation, explicit production approval, namespace and service allowlists, rollback checks, and least-privilege credentials. Pay particular attention to the database failover, pod deletion, iptables, traffic-control, cron, and systemd examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The business-hours guard is inverted: when `business_hours_only` is enabled, the runner aborts during the 9-17 window instead of outside it. That contradicts the documented safety intent and can cause chaos experiments to run at night or off-hours, when staffing and oversight are reduced, increasing operational risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The runbook automation section includes example code that executes a live database failover and service patch with `dry_run=False`, but the surrounding markdown does not clearly warn that these are destructive operational actions. In an agent skill context, users may copy or trigger this automation directly, causing service disruption or unintended production failover if run against real infrastructure.

Unvalidated Output Injection

High
Category
Output Handling
Content
import subprocess

# Method-body fragment from the skill: list the pods matching the
# configured namespace and label selector, returning only their names.
# self.namespace and self.label_selector are passed to kubectl as-is.
result = subprocess.run(
    ["kubectl", "get", "pods", "-n", self.namespace,
     "-l", self.label_selector, "-o", "name"],
    capture_output=True,
)
Confidence
94% confidence
Finding
subprocess.run( ["kubectl", "get", "pods", "-n", self.namespace, "-l", self.label_selector, "-o", "name"], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
def inject(self) -> None:
    """Block network traffic using iptables."""
    import subprocess
    # Runs iptables inside the source pod; self.source_pod and
    # self.target_service are passed through unvalidated, and the
    # exit status of kubectl is not checked.
    subprocess.run([
        "kubectl", "exec", self.source_pod, "--",
        "iptables", "-A", "OUTPUT", "-d", self.target_service, "-j", "DROP"
    ])
Confidence
92% confidence
Finding
subprocess.run([ "kubectl", "exec", self.source_pod, "--", "iptables", "-A", "OUTPUT

Unvalidated Output Injection

High
Category
Output Handling
Content
def rollback(self) -> None:
    """Restore network traffic."""
    import subprocess
    # Deletes the DROP rule added by inject(); the same unvalidated
    # attributes are used and the exit status is again not checked,
    # so a failed rollback leaves the block in place silently.
    subprocess.run([
        "kubectl", "exec", self.source_pod, "--",
        "iptables", "-D", "OUTPUT", "-d", self.target_service, "-j", "DROP"
    ])
Confidence
92% confidence
Finding
subprocess.run([ "kubectl", "exec", self.source_pod, "--", "iptables", "-D", "OUTPUT

VirusTotal

66/66 vendors flagged this skill as clean.