ClawHub

Port Process

Security checks across malware telemetry and agentic risk

Overview

This port-management skill uses expected local process commands, including force-kill examples, but shows no hidden or unrelated behavior.

Install only if you want a local port/process management helper. Before using any kill command, inspect the PID and process name, try graceful termination first, and reserve kill -9 for cases where you are sure the process can be stopped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, shell=True):
    """运行命令并返回输出"""
    try:
        result = subprocess.run(
            cmd,
            shell=shell,
            capture_output=True,
Confidence
95% confidence
Finding
result = subprocess.run( cmd, shell=shell, capture_output=True, text=True, timeout=10 )

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly documents commands for terminating processes by port, including forceful termination, but does not provide a clear warning that killing the wrong PID can cause data loss, service disruption, or termination of unrelated applications. In a skill intended for process management, this is functional rather than inherently malicious, but the lack of safety framing increases the chance of operator misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README includes the classic `lsof -ti :<port> | xargs kill -9` one-liner, which performs irreversible force-killing without validation or confirmation. This is risky because users may copy-paste it directly, potentially killing critical services or the wrong process if the target port was misidentified or reused.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal