Highgo Db

Security checks across malware telemetry and agentic risk

Overview

This is a real HighGo database connector, but it gives an agent broad database execution power without strong safety boundaries.

Install only if you intentionally want an agent to run SQL against HighGo DB. Use a least-privilege or read-only account when possible, avoid putting real passwords in command lines or prompts, verify any bundled or external driver source, and require manual review before running SQL that changes data, schema, permissions, or database configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is described as a HighGo-specific database connector, but the documented behavior supports executing arbitrary SQL and appears to expose broad PostgreSQL/psycopg2 capabilities beyond that narrow claim. This mismatch is dangerous because it can cause users or policy systems to underestimate the skill's ability to perform destructive database actions, exfiltrate data, or operate as a general-purpose DB client.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Allowing a caller to supply an arbitrary driver path lets the script import Python code and load native libraries from outside the bundled psycopg2 driver. Because the code modifies sys.path, creates a symlink, and adjusts LD_LIBRARY_PATH based on attacker-controlled input, a malicious local path could lead to arbitrary code execution in the script's process.
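The check a reviewer would want here is a canonical-path containment test run before anything touches sys.path or LD_LIBRARY_PATH. The following is an added example, not code from the skill; the bundled-driver directory layout, the `lib` subdirectory and the helper names are assumptions, and the temporary directory it builds is constructed test data.

```python
import os
import sys
import tempfile


def validate_driver_path(candidate: str, allowed_root: str) -> str:
    """Return the canonical path of `candidate` if it lies inside `allowed_root`.

    Both sides are passed through realpath, so a symlink planted inside the
    bundled directory that points elsewhere (the escape the finding describes)
    resolves to its target and is rejected. commonpath compares whole path
    components, so "bundled2" is not mistaken for a child of "bundled".
    """
    root = os.path.realpath(allowed_root)
    resolved = os.path.realpath(candidate)
    if os.path.commonpath([root, resolved]) != root:
        raise ValueError(f"driver path {candidate!r} resolves outside {root!r}")
    if not os.path.isdir(resolved):
        raise ValueError(f"driver path {resolved!r} is not a directory")
    return resolved


def load_driver(candidate: str, allowed_root: str) -> str:
    """Only after validation: do what the skill does unconditionally
    (prepend the driver directory to sys.path and LD_LIBRARY_PATH).
    The 'lib' subdirectory for native libraries is an assumption."""
    path = validate_driver_path(candidate, allowed_root)
    if path not in sys.path:
        sys.path.insert(0, path)
    lib_dir = os.path.join(path, "lib")
    if os.path.isdir(lib_dir):
        previous = os.environ.get("LD_LIBRARY_PATH", "")
        os.environ["LD_LIBRARY_PATH"] = lib_dir + (os.pathsep + previous if previous else "")
    return path


def demo() -> dict:
    """Build a throwaway layout (constructed sample data) and exercise the check.
    Returns outcomes rather than mutating sys.path so it can be asserted on."""
    with tempfile.TemporaryDirectory() as tmp:
        bundled = os.path.join(tmp, "bundled")
        os.makedirs(os.path.join(bundled, "psycopg2"))
        outside = os.path.join(tmp, "outside")
        os.makedirs(outside)
        # A symlink inside the bundled tree that escapes it: must be rejected.
        os.symlink(outside, os.path.join(bundled, "vendor"))

        results = {
            "bundled_ok": validate_driver_path(
                os.path.join(bundled, "psycopg2"), bundled
            ).endswith("psycopg2")
        }
        attempts = (
            ("symlink_escape", os.path.join(bundled, "vendor")),
            ("dotdot_escape", os.path.join(bundled, "..", "outside")),
            ("absolute_outside", "/usr/lib/python3/dist-packages"),  # hypothetical
        )
        for name, cand in attempts:
            try:
                validate_driver_path(cand, bundled)
                results[name] = "accepted"
            except ValueError:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```

Rejecting a path is cheap; the expensive mistake is the order of operations in the original, where the path influences sys.path and the dynamic loader before any decision is made.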

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README demonstrates invoking the database script with a plaintext password embedded directly in the DSN on the command line. Even as an example, this encourages unsafe operational practice because shell history, process listings, logs, and copied documentation can expose credentials; in a database-access skill, that risk is directly relevant and more dangerous because users are likely to paste the example with real secrets.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly promotes executing SQL statements but provides no warning that SQL may include destructive operations such as DROP, DELETE, UPDATE, or privilege changes. In the context of a database execution skill, this omission materially increases the risk of accidental data loss, unauthorized modification, or misuse by downstream agents or users.
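The Overview's recommendation to require manual review before SQL that changes data, schema, permissions or configuration, and this finding's list of destructive verbs, both come down to classifying each statement before an agent may run it. The gate below is an added example and not the skill's code: statements that can be shown to be read-only run automatically; anything else is held for explicit approval. The keyword and function lists are conservative assumptions rather than a complete PostgreSQL grammar, and the sample statements are constructed. It goes a little beyond the finding by also catching data-modifying CTEs, `EXPLAIN ANALYZE` (which executes the statement it explains) and mutating functions called from a plain `SELECT`.

```python
import re

# One pass over the text, left to right, so a quote inside a comment or a
# semicolon inside a literal never confuses the splitter.
_QUOTED_OR_COMMENT = (
    r"--[^\n]*"                    # line comment
    r"|/\*.*?\*/"                  # block comment
    r"|'(?:[^']|'')*'"             # string literal ('' escapes a quote)
    r"|\"[^\"]*\""                 # quoted identifier
    r"|\$([A-Za-z_]*)\$.*?\$\1\$"  # dollar-quoted string or function body
)
_SPLIT = re.compile(_QUOTED_OR_COMMENT + r"|;", re.DOTALL)
_SANITIZE = re.compile(_QUOTED_OR_COMMENT, re.DOTALL)

# Statement starts that can be read-only; everything else is mutating (default deny).
READ_ONLY_STARTS = {"SELECT", "WITH", "SHOW", "EXPLAIN", "VALUES", "TABLE"}
# Keywords that mean the statement changes data, schema, privileges, config or session.
MUTATING_KEYWORDS = {
    "INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE", "INTO", "DROP", "CREATE",
    "ALTER", "GRANT", "REVOKE", "SET", "RESET", "COPY", "CALL", "DO", "LOAD",
    "VACUUM", "REINDEX", "CLUSTER", "LOCK", "SECURITY", "COMMENT", "REFRESH",
    "IMPORT", "NOTIFY", "LISTEN", "BEGIN", "COMMIT", "ROLLBACK", "PREPARE", "EXECUTE",
}
# Functions that mutate state even inside SELECT (assumed list; extend as needed).
DANGEROUS_FUNCTIONS = {
    "SET_CONFIG", "PG_RELOAD_CONF", "PG_TERMINATE_BACKEND", "PG_CANCEL_BACKEND",
    "LO_IMPORT", "LO_EXPORT", "LO_UNLINK", "PG_READ_FILE", "PG_READ_BINARY_FILE",
    "PG_LS_DIR", "DBLINK", "DBLINK_EXEC", "NEXTVAL", "SETVAL", "PG_NOTIFY",
}


def split_statements(sql: str) -> list:
    """Split on semicolons that are outside literals, identifiers and comments."""
    out, start = [], 0
    for m in _SPLIT.finditer(sql):
        if m.group() == ";":
            out.append(sql[start:m.start()].strip())
            start = m.end()
    out.append(sql[start:].strip())
    return [s for s in out if s]


def _keywords(stmt: str) -> list:
    """Upper-cased identifiers/keywords with literals and comments blanked out."""
    bare = _SANITIZE.sub(" ", stmt)
    return [t.upper() for t in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", bare)]


def classify(stmt: str) -> str:
    toks = _keywords(stmt)
    if not toks:
        return "empty"            # comment-only fragment
    if toks[0] not in READ_ONLY_STARTS:
        return "mutating"
    # WITH ... DELETE ..., EXPLAIN ANALYZE DELETE ..., SELECT set_config(...)
    if any(t in MUTATING_KEYWORDS or t in DANGEROUS_FUNCTIONS for t in toks):
        return "mutating"
    return "read-only"


def gate(sql: str, approve=lambda stmt: False) -> list:
    """Return (statement, verdict, allowed) per statement. `approve` is the
    human-in-the-loop hook; by default nothing mutating is allowed."""
    plan = []
    for stmt in split_statements(sql):
        verdict = classify(stmt)
        if verdict == "empty":
            continue
        allowed = verdict == "read-only" or approve(stmt)
        plan.append((stmt, verdict, allowed))
    return plan


if __name__ == "__main__":
    for row in gate("SELECT 1; DROP TABLE users; -- cleanup"):
        print(row)
```

Wire `gate()` in front of the skill's execute path and give `approve` a callback that shows the statement to a person. Because the classifier defaults to deny, an unknown construct is held for review rather than silently executed; the cost is false positives such as `SELECT ... FOR UPDATE`, which is the right trade-off for an agent-driven client.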

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example DSN embeds a plaintext password directly in the command line, which can leak through shell history, process listings, logs, and screenshots. Even though the example uses a placeholder, documenting this pattern normalizes insecure secret handling and can lead users to expose real database credentials.
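Both password findings have the same remedy: leave the password out of the DSN and let libpq pick it up from `PGPASSWORD` or a `.pgpass` file, and redact any DSN before it is logged or echoed back to an agent. The following is an added example, not code from the skill or from psycopg2. It reimplements the `.pgpass` lookup in Python only to make libpq's precedence (connection string, then `PGPASSWORD`, then passfile) visible; the sample `.pgpass` contents, hostnames and credentials are constructed, and the default host and database name used for matching are assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample passfile: first matching line wins, '*' matches anything,
# '\:' and '\\' are the escapes libpq accepts inside a field.
SAMPLE_PGPASS = r"""
# read-only account usable against any host/database
*:*:*:readonly:r\:o\\pw
db.internal:5432:sales:app:s3cr3t
"""


def parse_pgpass(text: str) -> list:
    """Return (host, port, dbname, user, password) tuples; skips comments and blanks."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields, cur, i = [], [], 0
        while i < len(line):
            c = line[i]
            if c == "\\" and i + 1 < len(line):   # escaped ':' or '\'
                cur.append(line[i + 1])
                i += 2
                continue
            if c == ":":
                fields.append("".join(cur))
                cur = []
            else:
                cur.append(c)
            i += 1
        fields.append("".join(cur))
        if len(fields) == 5:
            entries.append(tuple(fields))
    return entries


def lookup_pgpass(text: str, host: str, port, dbname: str, user: str):
    for h, p, d, u, pw in parse_pgpass(text):
        wanted = ((h, host), (p, str(port)), (d, dbname), (u, user))
        if all(pattern in ("*", value) for pattern, value in wanted):
            return pw
    return None


def resolve_password(conn: dict, env: dict, pgpass_text: str):
    """Mirror libpq precedence: explicit password, then PGPASSWORD, then passfile.
    Defaults (localhost, 5432, dbname = user) are assumptions for the lookup."""
    if conn.get("password"):
        return conn["password"]
    if env.get("PGPASSWORD"):
        return env["PGPASSWORD"]
    user = conn.get("user", "")
    return lookup_pgpass(
        pgpass_text,
        conn.get("host", "localhost"),
        conn.get("port", 5432),
        conn.get("dbname", user),
        user,
    )


_KV_PASSWORD = re.compile(r"(password\s*=\s*)(?:'(?:[^'\\]|\\.)*'|\S+)", re.IGNORECASE)


def redact_dsn(dsn: str) -> str:
    """Mask the password in either libpq DSN form before the string is logged."""
    if "://" in dsn:                      # URL form: postgresql://user:pw@host/db
        parts = urlsplit(dsn)
        if parts.password is None:
            return dsn
        userinfo, _, hostport = parts.netloc.rpartition("@")
        user = userinfo.split(":", 1)[0]
        return urlunsplit(parts._replace(netloc=f"{user}:***@{hostport}"))
    return _KV_PASSWORD.sub(r"\1***", dsn)  # key=value form


if __name__ == "__main__":
    print(redact_dsn("host=db.internal dbname=sales user=app password=s3cr3t"))
```

In practice the script should accept a DSN with no password at all and rely on libpq; `resolve_password` is here to show what that lookup does, and `redact_dsn` is the part worth keeping in any wrapper that logs connection strings or returns them to a model.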

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal