Hormuzmonitorskills

Security checks across malware telemetry and agentic risk

Overview

This monitoring skill is coherent overall, but it automatically runs an unreviewed local deployment script that can push data to GitHub and trigger a public website update.

Install only if you own or trust ~/hormuz-website/scripts/update_and_deploy.sh and want each monitoring run to update a GitHub-backed Vercel site. Inspect that script first, confirm the target repository and branch, use limited credentials, and keep a backup of MONITOR_LOG.md if history older than 7 days matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The skill's declared purpose is monitoring and logging shipping traffic, but it also instructs the agent to execute a local shell script that updates a website, pushes to GitHub, and triggers deployment. This expands the trust boundary from passive data collection into code execution and external side effects, creating risk of unauthorized publication, repository modification, and abuse if the script or environment is compromised.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The metadata and description present the skill as only writing findings to `MONITOR_LOG.md`, but the body also authorizes trimming historical entries and deploying website updates. This mismatch can mislead operators about the real capabilities and side effects of the skill, undermining informed consent and safe review.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill instructs the agent to remove log entries older than 7 days without any user warning, retention policy context, or confirmation step. Silent deletion can destroy operational history, hinder auditing, and cause loss of evidence or trend data that users may reasonably expect to persist.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Running a deployment script and pushing results to GitHub changes external systems, but the skill does not surface this as a distinct high-impact action requiring user awareness or approval. In an agent setting, hidden publication steps are dangerous because they can expose incorrect, sensitive, or manipulated data and may trigger downstream automation like Vercel deploys.

VirusTotal

63/63 vendors flagged this skill as clean.