PECMD Pro Max

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only PECMD/WinPE scripting skill with powerful admin examples, but its behavior is disclosed and aligned with its purpose.

Install this only if you need PECMD/WinPE scripting help. Treat generated output as powerful administrator code: review disk, partition, EFI, registry, raw device, network, and credential-handling commands before running them, verify targets explicitly, and keep backups for any storage or boot changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
66% confidence
Finding
The documentation presents a process-kill action in a GUI menu without any warning, confirmation, or safety guardrails. In a system-tooling skill, such examples can normalize destructive behavior and be copied directly into real scripts, leading to accidental termination of critical processes or denial of service on the host.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The image-control example binds a click directly to `EXEC calc.exe` without warning that interacting with the GUI launches an external process. In practice, readers may copy this pattern into tools where a visual element unexpectedly executes code, increasing the risk of deceptive UI behavior or unintended process launch.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation shows WiFi connection commands with SSID and password provided directly on the command line, which normalizes plaintext credential handling. In WinPE or automation contexts, such secrets can be exposed in scripts, logs, process listings, screenshots, or reused insecurely by operators, increasing credential leakage risk.

Missing User Warnings

High
Confidence
90% confidence
Finding
This section includes destructive partition operations such as deleting partitions, changing partition types, toggling flags, and swapping partition numbers, but does not place an upfront safety warning commensurate with the risk. In a WinPE/automation context, these commands are especially dangerous because users may run them against real disks during deployment or recovery, causing irreversible data loss or unbootable systems.

Missing User Warnings

High
Confidence
92% confidence
Finding
The EFI firmware variable write example documents modifying boot-related NVRAM entries without a strong warning about firmware persistence and boot-chain impact. In this skill's PE/startup tooling context, such examples are more dangerous because users are likely operating on preboot or recovery systems where a bad FVAR write can brick boot configuration or prevent system startup.

Unvalidated Output Injection

High
Category
Output Handling
Content
```
READ %CurDir%\rules.ini,**,&A
SED &&A=0:0,%&NA%,%&NA%ENVI ,{*ENVI %A%            // convert lines to ENVI commands
SET< A=%&NL%}
%&A%                                                // execute generated code block
```

Confidence
95% confidence
Finding
execute generated code

VirusTotal

63/63 vendors flagged this skill as clean.
