ClawHub

Hologres Uv Compute

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Hologres analytics guide, but its examples can create persistent database objects and user-ID mappings if run against a real database.

Install this only if you intend to build Hologres UV/PV pipelines. Use a test database or least-privileged account first, verify the hologres-cli package source, review all CREATE, CALL, REFRESH, and mapping-table SQL before running it, and apply your privacy and retention rules to any user identifier mappings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to run write-capable Hologres commands and DDL/refresh operations such as table creation, extension installation, and dynamic table refreshes, but it does not clearly warn that these actions modify database state. In an agent setting, this can lead to unintended schema changes, extension enablement, storage/resource consumption, or production data mutations if executed against the wrong environment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explains how to convert raw text user identifiers into persistent integer mappings for bitmap aggregation, but it omits privacy and data-governance warnings. Mapping device IDs or UUIDs into a durable lookup table can still constitute personal data processing, enabling long-term linkability, re-identification risk, and broader downstream use without clear minimization or retention guidance.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal