Coolify

Security checks across malware telemetry and agentic risk

Overview

This Coolify skill is mostly purpose-aligned, but it grants high-impact infrastructure control and encourages unsafe handling of private keys and destructive actions without enough guardrails.

Install only if you intend to let an agent operate Coolify resources. Use a least-privilege Coolify token, avoid pasting or passing secrets directly on the command line, do not let the agent read private key files unless you explicitly request that exact action, and manually confirm any delete, stop, restart, deploy, or environment-variable change before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium; 88% confidence

Finding: The skill description frames the tool around deployments, applications, databases, and services, but the command router also exposes projects, servers, and teams enumeration. In an agent setting, this broader inventory access increases unnecessary data exposure and can reveal account structure, infrastructure layout, and team metadata beyond the user’s likely intent.

Missing User Warnings

Medium; 88% confidence

Finding: The skill exposes high-impact operations such as deploy, stop, delete, restart, infrastructure management, environment-variable changes, SSH key handling, and GitHub App configuration without prominent warnings about destructive consequences. In an agent setting, this can normalize dangerous actions and increase the risk of accidental service disruption, data loss, or credential misuse.

Missing User Warnings

Medium; 95% confidence

Finding: The examples include plaintext secrets and shell substitutions for sensitive material, such as database URLs with passwords, API keys, SSH private keys, GitHub App private keys, and exported tokens. These patterns encourage exposure through shell history, process listings, logs, transcripts, and copied documentation, which is especially risky in agent-mediated environments.

Missing User Warnings

Medium; 95% confidence

Finding: The database deletion path issues a DELETE request immediately once a UUID is supplied, with no confirmation, dry-run, or safety interlock. In an agent workflow, a malformed prompt, mistaken UUID, or prompt-injection-induced action could irreversibly destroy production data.

VirusTotal

64/64 vendors flagged this skill as clean.