ClawHub

Hologres Schema Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Hologres schema-design helper, but users should treat its generated or example database-changing SQL as production-sensitive.

Install hologres-cli only from a trusted source and verify which Hologres account and database it will use. Review generated CREATE, ALTER, DROP, and scheduled cleanup SQL before execution, especially partition drops because they can permanently remove data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This skill is presented as a schema design assistant, but it explicitly enables and normalizes write-capable database operations such as `hologres sql run --write` and `hologres table create`. In an agent setting, that crosses from advisory output into direct state-changing actions, which can create or alter production objects if user intent, environment targeting, or approval boundaries are ambiguous.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The automation block programmatically enumerates partitions and irreversibly drops tables based on name-derived dates, which can cause large-scale data loss if copied into production without careful validation. In a schema-generation/admin skill context, users may treat included scripts as ready-to-run operational guidance, so the lack of a prominent pre-execution warning, dry-run mode, or stronger safeguards makes accidental destructive use more plausible.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal