Volcengine RDS MySQL

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Volcengine RDS MySQL helper that uses user-provided cloud keys for read-oriented RDS, VPC, subnet, and pricing queries, with no evidence of hidden persistence, exfiltration, or destructive behavior.

Install only if you intend to let the agent query your Volcengine RDS and related VPC metadata. Use a dedicated least-privilege IAM key, limit it to the regions and read APIs needed, avoid pasting returned infrastructure details into untrusted places, and consider pinning the SDK version for reproducible installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill requires access to sensitive cloud credentials via environment variables, but the manifest does not declare explicit permissions or safety boundaries for that access. This creates a transparency and governance gap: an agent or user may invoke the skill without clearly understanding that it can operate against live cloud resources using privileged credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93%
Finding
The documented behavior extends beyond the high-level description by including VPC enumeration, subnet enumeration, and price queries, which touch broader cloud inventory and architecture metadata rather than only RDS instance/database management. Even if these actions are not directly destructive, undocumented scope expansion increases the risk of unintended data exposure and weakens user consent because the skill can access infrastructure-adjacent information the user may not expect.

Missing User Warnings

Medium
Confidence
91%
Finding
The skill documentation instructs use of long-lived cloud access keys and real-time RDS operations but does not prominently warn about credential sensitivity, production risk, or possible exposure of infrastructure metadata and database-related information in outputs. In this context, the omission is more dangerous because the skill targets live cloud administration, where even read operations can leak sensitive inventory details and future expansion to mutating actions would amplify the blast radius.

VirusTotal

67/67 vendors flagged this skill as clean.