Nginx Proxy Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Nginx Proxy Manager admin helper, but it can make live proxy changes and delete hosts with weak guardrails around credentials and destructive actions.

Install only in a trusted environment where NPM admin credentials and /root/.npm-token.json are protected. Review every generated API request before it runs, avoid using the delete command on production hosts without an independent backup or rollback plan, and remove or rotate the cached token when the skill is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill performs privileged operations using environment credentials, local scripts, and network access, but declares no permissions or trust boundaries. This hides its effective capabilities from reviewers and users, increasing the chance of unintended credential exposure or unauthorized infrastructure changes when the skill is invoked.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose says the skill manages proxy hosts, certificates, and access lists, but the implemented behavior includes destructive deletion and enable/disable actions while omitting several advertised management functions. This mismatch is dangerous because users or orchestration systems may trust the description and invoke the skill in contexts where unexpected destructive actions can disrupt routing, availability, or TLS configuration.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill metadata says it should add domains, point domains, enable SSL, or check status, but the script also supports deleting proxy hosts. In an agent setting, capability drift is dangerous because users and policy layers may authorize the skill for narrower actions than the code can actually perform, enabling destructive operations outside expected scope.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs operators to supply NPM admin credentials and use the REST API to manage proxy infrastructure without warning about secure secret handling or the sensitivity of these actions. In this context, the skill administers internet-facing reverse proxy configuration, so poor credential handling or casual use could expose administrative access and lead to broad service compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documents direct deletion of proxy hosts without any warning, confirmation flow, backup guidance, or rollback procedure. In an Nginx Proxy Manager context, deleting a host can immediately break domain routing and TLS exposure for production services, causing outages and potentially security regressions if traffic is reconfigured incorrectly afterward.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script caches a bearer token on disk at /root/.npm-token.json without setting restrictive file permissions or adding other protections. If that file is readable by unintended processes, users, backups, or containers, an attacker could reuse the token to administer proxy hosts and certificates.

Missing User Warnings

High
Confidence
96% confidence
Finding
The delete command performs an irreversible administrative action immediately with no confirmation prompt, dry-run mode, or secondary approval. In an agent context this is especially risky because a misunderstanding, prompt injection, or wrong host ID could cause service outage by deleting a live proxy configuration.

VirusTotal

64/64 vendors flagged this skill as clean.
