GCP Global Search

Security checks across malware telemetry and agentic risk

Overview

This is a Google Cloud documentation lookup skill with some actionable cloud setup examples, but it does not install or run code by itself.

Reasonable to install for Google Cloud documentation lookup. Before using any generated CLI, API, or Terraform snippet, confirm the target project, permissions, region, billing impact, and cleanup path; avoid sharing real service account keys or tokens, and prefer official current Google Cloud docs for final command validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Severity: Medium. Confidence: 89%.
The skill is described as a product-information query tool, but these examples move into operational guidance for creating and managing live cloud resources. That scope expansion increases the chance an agent will provide actionable infrastructure instructions that can trigger unintended changes, spending, or security exposure, especially when users expected read-only documentation lookup.

Description-Behavior Mismatch

Severity: High. Confidence: 97%.
These examples provide end-to-end API, CLI, and Terraform instructions for provisioning a GKE cluster, which materially exceeds the advertised search/query purpose. In an agent setting, such concrete infrastructure-creation workflows can be replayed or adapted into real execution paths, leading to unauthorized resource creation, broad OAuth scopes, and substantial cloud spend.

Description-Behavior Mismatch

Severity: Medium. Confidence: 87%.
The architecture recommendation content turns a search skill into a solution-design advisor that selects products and prescribes deployments. That makes the skill more dangerous because it can influence security architecture, cost, and operational decisions beyond simple retrieval of official product facts, increasing the blast radius of mistakes or hallucinations.

Natural-Language Policy Violations

Severity: Medium. Confidence: 93%.
The skill presents itself bilingually but the operative instructions and output template strongly steer responses toward Chinese, without explicitly preserving user language preference. This can degrade usability, cause unexpected language switching, and make the agent less trustworthy or less accessible for users who asked in another language.

Missing User Warnings

Severity: Medium. Confidence: 91%.
The examples include commands and code that create VM instances and may incur charges, yet they do not clearly warn that they affect live cloud environments. Users or downstream agents may copy these snippets directly, causing unintended provisioning, network exposure, or billing events under the mistaken assumption that the content is informational only.

Missing User Warnings

Severity: Medium. Confidence: 98%.
The GKE examples show complete cluster-creation workflows across multiple interfaces without warning that execution provisions substantial live infrastructure and can generate significant recurring costs. Because Kubernetes clusters also create supporting resources and require elevated permissions, misuse can quickly lead to expensive deployments and a larger attack surface.

VirusTotal

66/66 vendors flagged this skill as clean.