Windows Remote

Security checks across malware telemetry and agentic risk

Overview

This skill's behaviour is consistent with its stated remote Windows administration purpose, but it grants broad remote command execution and file-transfer power while disabling SSH host identity checks.

Install only if you intentionally want an agent to administer a specific Windows machine over SSH. Use a dedicated least-privilege SSH key and account, avoid Administrator unless required, review every upload/download and service or script command, and consider editing the scripts to enforce known_hosts verification before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch (Medium, 88% confidence)

The skill manifest and top-level description frame the capability as remote command execution over SSH, but the documentation also exposes file upload and download functionality. This mismatch can cause the agent or operator to grant broader data movement powers than expected, increasing the risk of unreviewed exfiltration or destructive file placement on a remote host.

Vague Triggers (Medium, 81% confidence)

The trigger phrase "check GPU" is vague and may activate for local Linux, macOS, cloud, or container GPU checks that have nothing to do with remote Windows administration. This can route benign requests into a remote-execution skill and cause commands to run on the wrong system.

Missing User Warnings (Medium, 84% confidence)

The documentation presents remote command execution and file transfer as routine operations without prominently warning that these actions can modify systems, start services, run arbitrary code, or move data. In an agent setting, underspecified safety boundaries make high-impact operations easier to invoke without adequate user awareness or confirmation.

Missing User Warnings (Medium, 97% confidence)

The script explicitly disables SSH host key verification with StrictHostKeyChecking=no, which allows connections to proceed without validating the remote server identity. This makes SCP transfers vulnerable to man-in-the-middle attacks, enabling an attacker on the network or with DNS/routing influence to impersonate the Windows host and supply or intercept files.

VirusTotal

52/52 vendors flagged this skill as clean.