SQLBot

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SQLBot helper that uses user-provided SQLBot credentials to query workspaces, datasources, chats, and dashboards; as documented, it keeps local state and writes export files.

Install only if you trust the SQLBot instance configured in SQLBOT_BASE_URL and are comfortable giving the skill SQLBot API credentials. Use a scoped API key if available, keep .env out of version control, restrict file permissions, and review export output paths before running dashboard exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares only tools but no explicit permission model, while its documented behavior clearly includes reading local configuration files, writing export files, and making authenticated network requests to SQLBot services. This creates a mismatch between apparent capability and declared access, which can mislead reviewers and users about the skill's trust boundary and increases the risk of unintended data access or exfiltration if the wrapped script behaves unexpectedly.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to create a local `.env` containing API access and secret keys, but it does not warn that these credentials are sensitive, should be excluded from version control, and should be protected with filesystem permissions. In an agent-skill context, users may copy the directory into shared project locations, increasing the chance of accidental exposure through commits, backups, or multi-user hosts.

VirusTotal

65/65 vendors flagged this skill as clean.