ClawHub

Cloud Data Migration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a cloud migration guidance skill whose risky operational advice is expected for its purpose, but users should avoid sharing secrets and should not apply production steps without review.

Install only if you want advisory cloud migration planning. Provide architecture-level details, not credentials or sensitive customer data, and have qualified operators review and test any generated migration steps in a non-production environment before using them on live systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly asks users for migration context such as cloud vendors, products, data volume, compliance requirements, and budget, but it provides no warning not to include credentials, connection strings, personal data, or other secrets. In a cloud migration context, users may naturally paste highly sensitive infrastructure and data details, which could lead to unnecessary exposure of operational and compliance-sensitive information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill provides extensive production-oriented migration procedures, validation SQL, synchronization, rollback, and troubleshooting guidance that could be applied directly to live systems, yet it lacks an upfront warning to require testing, approvals, backups, and change control before execution. Because the content is highly operational and detailed, users may over-trust it and perform risky actions against production databases or cloud environments without adequate safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal