Komodo

Security checks across malware telemetry and agentic risk

Overview

This is a real Komodo infrastructure management skill, but it can immediately change or delete live infrastructure with little safety friction.

Install only if you intend to let the agent administer a real Komodo environment. Use least-privilege, environment-scoped Komodo API keys, keep production credentials separate, and require explicit human approval before stop/restart/deploy/delete/run-procedure actions or before uploading env files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The implementation exposes a destructive delete-stack capability that is not disclosed in the skill metadata or usage text. In an agent context, hidden destructive actions are dangerous because users or orchestrators may invoke the skill assuming it only performs routine management, while it can actually remove infrastructure resources.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The activation guidance is broad enough to trigger on general 'Komodo-related infrastructure tasks,' which can include sensitive operational requests affecting live servers, containers, and deployments. Over-broad routing increases the chance that this skill is selected for high-impact actions without sufficient friction, review, or intent verification.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documentation presents commands for deploy, start, stop, restart, create, delete, and running procedures/builds without warning that these actions can disrupt production services or destroy resources. In an infrastructure skill, omission of operational safety guidance materially increases the risk of accidental outages or destructive changes.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The direct API examples include authenticated execute calls using live credentials but do not warn that these requests can immediately change infrastructure state. Because the examples are easy to copy and use privileged headers, they lower the barrier to accidental or unauthorized operational changes.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
Deployment and stack lifecycle commands perform state-changing operations immediately with no confirmation, dry-run, or warning. In an infrastructure-management skill, this increases the chance of accidental service disruption if the agent misinterprets a request or the user provides the wrong target name.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The create-stack command reads local compose and optional environment files and transmits their contents to the remote API without an explicit disclosure step. Because env files often contain secrets, an agent or user may unintentionally upload sensitive local data to a remote system they did not realize would receive raw file contents.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The delete-stack operation is irreversible/destructive and executes immediately without any visible confirmation or secondary authorization. In this skill context, that creates a high risk of accidental infrastructure deletion and service outage from mistaken user input, prompt injection into an agent, or operator misunderstanding.

VirusTotal

66/66 vendors flagged this skill as clean.