SONiC KVM Testbed

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for a real local SONiC virtual testbed, but it gives unsafe privilege and credential instructions that need careful review before use.

Install only for an isolated, disposable lab. Do not reuse the documented passwords, do not expose the DUT or management bridge to untrusted networks, avoid chmod 666 on the Docker socket, prefer SSH keys or unique secrets, and remove any temporary admin accounts and sudoers/socket changes after testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs users to create a plaintext vault password file with a trivial default value (`abc`) and later uses a hardcoded SSH credential (`password`) for access. Even in a local lab, documenting weak default credentials without an explicit warning normalizes insecure handling of secrets and can lead to credential reuse or accidental disclosure in shell history, filesystems, or screenshots.

Missing User Warnings

High
Confidence
100% confidence
Finding
This section directs the user to create an `admin` account with passwordless sudo and then make the Docker socket world-writable. That combination effectively grants root-equivalent access to any local user or process on the DUT, greatly increasing the risk of full system compromise if the VM is reachable or shared.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The document instructs operators to create additional privileged accounts, grant passwordless sudo, and relax access to the Docker socket without any warning about the security consequences. In a testbed context this may be intended for convenience, but it materially weakens host and device security by expanding privileged access and making compromise or lateral movement easier.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The configuration examples embed default and plaintext passwords such as 'password', 'YourPaSsWoRd', and EOS defaults, with no requirement to rotate them. In lab environments these values are often copied verbatim, which can lead to trivial unauthorized access if the systems are reachable or reused beyond an isolated environment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Recommending `sudo chmod 666 /var/run/docker.sock` makes the Docker control socket world-writable, allowing any local user or process on the DUT to control Docker. Since Docker access is effectively root-equivalent on many systems, this can lead to privilege escalation and full host compromise.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# For CI image (has admin, needs your local user):
ssh admin@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker <your_user>
echo '<your_user>:password' | sudo chpasswd
sudo bash -c "echo '<your_user> ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/<your_user>"

# For local build (has your user, needs admin):
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
ssh admin@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker <your_user>
echo '<your_user>:password' | sudo chpasswd
sudo bash -c "echo '<your_user> ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/<your_user>"

# For local build (has your user, needs admin):
ssh <your_user>@<DUT_IP>
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# For local build (has your user, needs admin):
ssh <your_user>@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker admin
echo 'admin:password' | sudo chpasswd
sudo bash -c "echo 'admin ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/admin"
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# For local build (has your user, needs admin):
ssh <your_user>@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker admin
echo 'admin:password' | sudo chpasswd
sudo bash -c "echo 'admin ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/admin"

# Always fix docker socket:
Confidence
97% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
ssh <your_user>@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker admin
echo 'admin:password' | sudo chpasswd
sudo bash -c "echo 'admin ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/admin"

# Always fix docker socket:
sudo chmod 666 /var/run/docker.sock
Confidence
99% confidence
Finding
sudo

Tool Parameter Abuse

High
Category
Tool Misuse
Content
sudo bash -c "echo 'admin ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/admin"

# Always fix docker socket:
sudo chmod 666 /var/run/docker.sock
```

### Identifying the Build User
Confidence
100% confidence
Finding
chmod 666

Chaining Abuse

High
Category
Tool Misuse
Content
# For CI image (has admin, needs your local user):
ssh admin@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker <your_user>
echo '<your_user>:password' | sudo chpasswd
sudo bash -c "echo '<your_user> ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/<your_user>"

# For local build (has your user, needs admin):
Confidence
94% confidence
Finding
| sudo

Chaining Abuse

High
Category
Tool Misuse
Content
# For local build (has your user, needs admin):
ssh <your_user>@<DUT_IP>
sudo useradd -m -s /bin/bash -G sudo,docker admin
echo 'admin:password' | sudo chpasswd
sudo bash -c "echo 'admin ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/admin"

# Always fix docker socket:
Confidence
94% confidence
Finding
| sudo

VirusTotal

66/66 vendors flagged this skill as clean.
