
Security audit

Model Deploy Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for deploying models, but it gives an agent broad SSH-based server modification authority and exposes the model service without enough safeguards.

Install only if you intend the agent to modify GPU servers over SSH. Use a dedicated least-privileged SSH account, confirm the exact host, user, path, port, model, and command before each run, pin dependencies where possible, and restrict the vLLM endpoint with localhost binding, firewall rules, reverse proxy authentication, or trusted source IPs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill instructs the agent to copy a script to a remote host, chmod it, and execute it over SSH, but it does not require explicit user confirmation that the target system will be modified. In an agent setting, this creates a real risk of unintended remote changes or deployment to the wrong host/account, especially because the workflow is framed as a normal execution path rather than a high-risk operation.

Missing User Warnings

Medium
Confidence: 98%
Finding:
The script starts the vLLM service with --host 0.0.0.0, exposing it on all network interfaces by default without a clear warning or opt-in. In the context of a model deployment skill, this is more dangerous because it can unintentionally publish an inference endpoint to other hosts on the network, increasing the risk of unauthorized access, prompt/data exposure, abuse of GPU resources, and follow-on compromise if the service is misconfigured or vulnerable.

VirusTotal

64/64 vendors flagged this skill as clean.
