Automl Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AutoML guide; its disclosed content covers PyCaret model training, model saving, app/API generation, and optional cloud deployment examples.

Safe to install as an AutoML documentation skill. Before running deployment or generation examples, review dataset and model sensitivity, choose output paths intentionally, inspect generated app/API/Docker files, and use least-privilege cloud credentials for any AWS, GCP, or Azure deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding: The skill is presented as an AutoML modeling aid, but the documented workflow expands into deployment and artifact generation, including cloud deployment, API scaffolding, and Dockerfile creation. This scope expansion can cause an agent or user to perform external side effects and infrastructure changes that are not clearly communicated by the manifest, increasing the risk of unintended actions.

Description-Behavior Mismatch

Medium
Confidence: 80%
Finding: The documentation claims the skill is deployment-ready even though the manifest primarily frames it as an AutoML modeling tool. That mismatch is security-relevant because downstream systems may authorize or invoke the skill under narrower assumptions than the content actually supports.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding: The code examples include direct cloud deployment to AWS/GCP/Azure without any guardrails, approval flow, or discussion of credential use and resource creation. In an agent setting, such examples normalize infrastructure-modifying actions that could lead to unauthorized deployments, cost exposure, or misuse of cloud credentials.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding: The skill documents creation of web apps, REST APIs, and Dockerfiles even though its stated purpose is AutoML assistance. Generating executable artifacts can expand the attack surface, introduce unsafe defaults, or cause users to publish model-backed services without security review.

Missing User Warnings

Medium
Confidence: 95%
Finding: Deployment and artifact-generation actions are described as normal workflow steps but without any warnings about cloud changes, local file creation, generated code, or operational consequences. That omission increases the chance that users or agents will trigger side-effecting actions without understanding cost, exposure, or persistence implications.

Missing User Warnings

Medium
Confidence: 86%
Finding: The document explicitly instructs users to save models locally and deploy them to AWS, GCP, and Azure using authentication parameters, but it provides no warning that these actions persist artifacts, may upload data or model assets to remote infrastructure, and involve sensitive cloud credentials. In a skill context, this can lead users to perform state-changing or externally connected operations without understanding the security, privacy, or credential-handling implications.
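The guardrails the findings above describe as missing (an approval step, a validated deployment target, no credential material in tool arguments, a constrained artifact path) can be enforced by the agent harness rather than relied on from the skill text. The following is an added example and is not part of the skill, the SkillSpector report, or PyCaret: a Python gate that wraps a deployment callable such as pycaret's deploy_model. The per-platform key sets (bucket for AWS, project and bucket for GCP, container for Azure) follow PyCaret's documented deploy_model examples and are an assumption; the artifact root, the model-name pattern, the credential regex, and the demo scenario are constructed for illustration.

```python
import re
from pathlib import Path
from typing import Any, Callable, Mapping

# Assumed authentication keys per platform, following PyCaret's documented
# deploy_model() examples; treat this table as an assumption for your version.
REQUIRED_AUTH_KEYS = {
    "aws": {"bucket"},
    "gcp": {"project", "bucket"},
    "azure": {"container"},
}

# Root under which model artifacts may be written (hypothetical default).
ALLOWED_ARTIFACT_ROOT = Path("artifacts").resolve()

MODEL_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")
# Inline credential material that must never travel in an agent's tool arguments.
CREDENTIAL_RE = re.compile(r"AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----")


class DeploymentBlocked(Exception):
    """Raised when the gate refuses a side-effecting step."""


def safe_artifact_path(model_name: str, root: Path = ALLOWED_ARTIFACT_ROOT) -> Path:
    """Map a model name to a path under root, rejecting traversal."""
    if not MODEL_NAME_RE.match(model_name):
        raise DeploymentBlocked(f"model name {model_name!r} is not a plain identifier")
    target = (root / model_name).resolve()
    if root not in target.parents:
        raise DeploymentBlocked(f"{target} escapes {root}")
    return target


def validate_target(platform: str, authentication: Mapping[str, Any]) -> str:
    """Require exactly the keys the platform needs and no credential material.
    Cloud credentials must come from the runtime's least-privilege role or
    environment, never from the agent's arguments. Returns a printable target."""
    if platform not in REQUIRED_AUTH_KEYS:
        raise DeploymentBlocked(f"unsupported platform {platform!r}")
    required = REQUIRED_AUTH_KEYS[platform]
    if set(authentication) != required:
        raise DeploymentBlocked(
            f"{platform} target needs keys {sorted(required)}, got {sorted(authentication)}")
    for key, value in authentication.items():
        if not isinstance(value, str) or not value or CREDENTIAL_RE.search(value):
            raise DeploymentBlocked(f"refusing {key!r}: empty, non-string or credential-like")
    return ",".join(f"{k}={authentication[k]}" for k in sorted(required))


def describe_plan(platform: str, target: str, artifact_path: Path) -> str:
    """Human-readable statement of the side effect the approver is asked to allow."""
    return f"deploy model artifact {artifact_path} to {platform} target {target}"


def gated_deploy(deploy_fn: Callable[..., Any], model: Any, model_name: str,
                 authentication: Mapping[str, Any], platform: str,
                 approve: Callable[[str], bool]) -> Any:
    """Call deploy_fn (e.g. pycaret.classification.deploy_model) only after the
    target validates and an out-of-band approver accepts the written plan.
    The approver must not be the agent itself: wire it to a human prompt or a
    policy service in the harness."""
    plan = describe_plan(platform, validate_target(platform, authentication),
                         safe_artifact_path(model_name))
    if not approve(plan):
        raise DeploymentBlocked(f"not approved: {plan}")
    return deploy_fn(model, model_name, dict(authentication), platform=platform)


def demo() -> tuple:
    """Constructed scenario: a fake deploy_fn records what it was asked to do."""
    calls = []

    def fake_deploy(model, model_name, authentication, platform):
        calls.append((model_name, platform, authentication))
        return "deployed"

    blocked = []
    # 1. Agent smuggles an access key ID into the target: refused before approval.
    try:
        gated_deploy(fake_deploy, object(), "churn_model",
                     {"bucket": "AKIAABCDEFGHIJKLMNOP"}, "aws", approve=lambda _: True)
    except DeploymentBlocked:
        blocked.append("credential")
    # 2. Well-formed request, approver declines: nothing is deployed.
    try:
        gated_deploy(fake_deploy, object(), "churn_model",
                     {"bucket": "models-prod"}, "aws", approve=lambda _: False)
    except DeploymentBlocked:
        blocked.append("unapproved")
    # 3. Approved request runs exactly once.
    result = gated_deploy(fake_deploy, object(), "churn_model",
                          {"bucket": "models-prod"}, "aws",
                          approve=lambda plan: "models-prod" in plan)
    return tuple(blocked), result, len(calls)
```

The gate deliberately refuses a target descriptor that carries anything credential-like: the AWS, GCP, or Azure credentials belong to the process's least-privilege role or environment, so an agent that is prompt-injected into supplying its own keys fails before any approval is requested. The approve callback is the approval flow the findings ask for; in a real harness it should block on a human or a policy service, and its decision should be logged with the plan text.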

VirusTotal

66/66 vendors flagged this skill as clean.
