Koji

Security checks across malware telemetry and agentic risk

Overview

This Koji administration skill is instruction-only and mostly purpose-aligned, but it gives agents powerful build-system, deletion, and access-control commands with too little scoping or confirmation guidance.

Install only if you want an agent to assist with Koji administration. Use a least-privileged Koji account, verify the target instance and object names, and require explicit human approval before deletions, cancellations, permission changes, uploads, repository changes, or cleanup operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The troubleshooting guidance claims to add a missing dependency, but the example command actually changes package ownership with `koji add-owner`. This can mislead operators into performing an unrelated privileged administrative action, potentially granting access to the wrong user while leaving the dependency issue unresolved.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
This section documents destructive commands such as build cancellation, including bulk cancellation, without guardrails, confirmation guidance, or impact warnings. In an agent-skill context, this increases the risk that an automated system or operator will execute disruptive actions against production build workloads without understanding scope or consequences.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
This section includes tag deletion, package/tag mutation, and permission-changing operations without warning about their administrative impact. Misuse could alter repository composition, package availability, or access control, which is especially risky in centralized build infrastructure where tags and permissions affect many downstream builds.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The user-management section presents account creation/deletion and permission grant/revoke commands as routine examples without emphasizing their sensitivity. In a skill intended for agent use, this can enable accidental privilege escalation, improper access revocation, or deletion of legitimate accounts.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
Repository deletion, archive deletion, and buildroot cleanup commands are documented without describing data-loss or service-impact risks. These actions can remove artifacts, invalidate environments, or disrupt build reproducibility, making the skill more dangerous when consumed by automation.
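The Overview's mitigation (pin the target instance, use a least-privileged account, require explicit human approval before cancellations, deletions, and permission changes) and the four "Missing User Warnings" findings above all point at the same control: something between the agent and the koji CLI that refuses dangerous actions by default. The wrapper below is an added example, not code from the scanned skill or from the Koji project. It pins the instance to one koji profile, refuses every other global option so an agent cannot redirect the client with --server or --config, and refuses a fixed list of real koji subcommands unless a human has set an approval flag. KOJI_EXPECTED_PROFILE, KOJI_HUMAN_APPROVED and KOJI_BIN are this wrapper's own variables (assumptions), not koji settings, and the guarded-subcommand list is illustrative.

```shell
#!/bin/sh
# Added example (not part of the scanned skill or of Koji itself): a guard
# wrapper an operator can put between an agent and the koji CLI. It pins the
# target instance to one koji profile, refuses other global options that could
# redirect the client (--server, --config, ...), and refuses subcommands that
# delete, cancel, or change access unless KOJI_HUMAN_APPROVED=yes is set.
# KOJI_EXPECTED_PROFILE, KOJI_HUMAN_APPROVED and KOJI_BIN are this wrapper's
# own variables (assumptions), not koji settings.

# Real koji CLI subcommands this wrapper treats as needing approval. The
# grouping is ours and illustrative; extend it to match the instance's policy.
KOJI_GUARDED_SUBCOMMANDS="cancel untag-build remove-tag remove-pkg block-pkg \
remove-target set-pkg-owner grant-permission revoke-permission \
add-user edit-user enable-user disable-user prune-signed-copies"

# koji_is_guarded SUBCOMMAND -> 0 if the subcommand needs human approval.
koji_is_guarded() {
    local s
    for s in $KOJI_GUARDED_SUBCOMMANDS; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# koji_guard [--profile NAME] SUBCOMMAND [ARGS...]
# Returns 2 on a policy violation (wrong or missing profile, refused global
# option, no subcommand), 3 when approval is missing, otherwise koji's status.
koji_guard() {
    local arg profile sub want_value
    profile="" sub="" want_value=0
    for arg in "$@"; do
        [ -n "$sub" ] && break          # subcommand args are passed through untouched
        if [ "$want_value" -eq 1 ]; then
            profile="$arg"; want_value=0; continue
        fi
        case "$arg" in
            --profile=*)  profile="${arg#--profile=}" ;;
            --profile|-p) want_value=1 ;;
            -*) echo "koji_guard: refusing global option '$arg' (only --profile is allowed)" >&2
                return 2 ;;
            *)  sub="$arg" ;;
        esac
    done
    if [ -z "$sub" ]; then
        echo "koji_guard: no subcommand given" >&2; return 2
    fi
    if [ -z "${KOJI_EXPECTED_PROFILE:-}" ] || [ "$profile" != "$KOJI_EXPECTED_PROFILE" ]; then
        echo "koji_guard: profile '$profile' is not the expected instance '${KOJI_EXPECTED_PROFILE:-<unset>}'" >&2
        return 2
    fi
    if koji_is_guarded "$sub" && [ "${KOJI_HUMAN_APPROVED:-}" != "yes" ]; then
        echo "koji_guard: '$sub' is destructive or access-changing; rerun with KOJI_HUMAN_APPROVED=yes after human review" >&2
        return 3
    fi
    # Audit line for the SOC: who asked for what, against which profile, and
    # whether a human approved it. Goes to stderr so it lands in the agent log.
    echo "koji_guard: $(date -u +%FT%TZ) user=$(id -un) profile=$profile cmd='$*' approved=${KOJI_HUMAN_APPROVED:-no}" >&2
    "${KOJI_BIN:-koji}" "$@"
}
```

Give the agent only this wrapper (for example as the `koji` it finds on PATH, with the real binary in KOJI_BIN) and keep KOJI_HUMAN_APPROVED out of its environment; the approval flag is then something only the operator can add, per command, after reading the audit line. The allow-by-default for unlisted subcommands is deliberate so read-only queries keep working; review the list against the instance's actual policy before relying on it.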

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The authentication and configuration sections expose exact locations and names for sensitive credentials such as client certificates and keytabs, but do not include privacy, file-permission, or redaction guidance. This increases the likelihood that users or downstream agents will mishandle secrets in logs, screenshots, shared configs, or overly permissive files.
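The file-permission guidance this finding says the skill lacks can be made a check rather than a sentence. The script below is an added example, not code from the scanned skill or from Koji: it reads the credential paths out of a koji client config and reports any that are missing or readable by group or others, printing paths only and never file contents, so its output is safe to paste into a ticket. "cert" and "keytab" are the koji client config keys naming a client certificate and a Kerberos keytab; the [koji] section written in the test is constructed, and the check assumes credential paths contain no whitespace.

```shell
#!/bin/sh
# Added example (not part of the scanned skill or of Koji): verify that the
# credential files a koji client config points at are not readable by group or
# others, reporting them by path only, never by content. "cert" and "keytab"
# are the koji client config keys for a client certificate and a Kerberos
# keytab. Assumption: credential paths contain no whitespace.

# koji_secret_paths CONFIG -> the values of the cert and keytab keys, one per
# line, with surrounding whitespace stripped.
koji_secret_paths() {
    awk -F'=' '
        /^[[:space:]]*(cert|keytab)[[:space:]]*=/ {
            v = $2
            sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
            print v
        }' "$1"
}

# koji_check_secret_perms CONFIG -> 0 if every referenced credential exists and
# has no group/other permission bits, 1 otherwise. One status line per file.
koji_check_secret_perms() {
    local cfg p go rc
    cfg="$1" rc=0
    for p in $(koji_secret_paths "$cfg"); do
        case "$p" in "~/"*) p="$HOME/${p#??}" ;; esac   # expand a leading ~/
        if [ ! -f "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        # The ls -l mode string is POSIX-defined: chars 5-10 are group and other bits.
        go=$(ls -ld "$p" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "TOO_OPEN $p (mode $(ls -ld "$p" | cut -c1-10); fix: chmod 600 '$p')"; rc=1
        else
            echo "OK       $p"
        fi
    done
    return "$rc"
}
```

Run it as `koji_check_secret_perms ~/.koji/config` from a login hook or a pre-commit check on shared config repositories; a non-zero exit is the signal that a keytab or client certificate has ended up world-readable or that the config points at a path that no longer exists.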

VirusTotal

66/66 vendors flagged this skill as clean.
