Azure Global Search

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Azure documentation lookup skill, but some examples include live Azure admin commands that users should treat carefully.

Install this for Azure product and documentation lookup. Treat any Azure CLI, SDK, REST, deployment, restart, or delete snippet as a live administrative example: confirm the subscription, resource group, permissions, credential handling, and possible cost before running anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
This example materially expands a read-only product-query skill into operational guidance for creating and managing Azure VMs, including CLI, SDK, and destructive management API references. In a skill intended only to retrieve product information, such action-oriented content can mislead an agent into performing state-changing cloud actions and incurring cost or service impact.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The Azure Functions example goes well beyond lookup by demonstrating authenticated resource creation, key retrieval, zip deployment, restart/list/delete operations, and code publishing. That turns a documentation search skill into a deployment-capable workflow, which is especially dangerous because it handles credentials and performs remote changes to a live Azure environment.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The documented capability set includes creating, modifying, deploying, restarting, and deleting Azure resources, none of which are justified by a read-only product-query skill. Embedding these capabilities in examples normalizes unsafe agent behavior and increases the chance that an agent will attempt privileged, costly, or destructive actions under the guise of answering informational queries.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The skill description is broad enough to activate on many general Azure-related requests, which can cause the agent to invoke this skill outside a narrowly intended scope. Overbroad activation is dangerous because it can route unrelated queries into a web-searching workflow, increasing the chance of unnecessary external fetches, irrelevant responses, and prompt-scope confusion.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
Using mere mention of "Azure", "Microsoft Azure", or "微软云" as a trigger is too ambiguous and can fire on a wide range of unrelated contexts. This is risky because it expands the skill's activation surface, making accidental invocation likely and potentially causing the agent to pull web content when the user did not ask for Azure product research.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
These examples include authenticated Azure CLI/SDK flows and resource-creation steps without a clear warning about charges, side effects, permissions, or secret handling. Users or downstream agents may treat them as safe defaults and trigger cloud spend or expose sensitive subscription details without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The Function App example retrieves storage keys, constructs connection strings, obtains OAuth tokens, and performs remote zip deployment, yet provides no explicit safety warning about credential sensitivity, deployment effects, or cost. This combination raises the risk of credential leakage and unauthorized modification of cloud resources if copied by an agent or user without proper safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.