ClawHub

Doc Sysadmin

Security checks across malware telemetry and agentic risk

Overview

This Ubuntu maintenance skill is on-topic, but its included cleanup script can make broad system changes and delete temporary data without the safeguards its own instructions promise.

Review carefully before installing. Do not run scripts/cleanup.sh as-is on a real Ubuntu system unless you intentionally accept automatic package removal, broad deletion of /tmp and /var/tmp, log vacuuming, and cache dropping. A safer version should require explicit confirmation or a dry run, avoid automatic apt autoremove, and restrict temp cleanup to clearly scoped old files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The prose says only '*.tmp' files in /tmp older than 7 days may be deleted, but the provided script uses 'find /tmp -type f -atime +7 -delete', which removes any file under /tmp matching that age condition. On a shared or actively used system, this can delete non-.tmp application state, sockets, lockfiles, or recovery artifacts and cause data loss or service disruption.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file lists cleanup commands like `trash-empty` and `apt autoremove -y && apt clean` as simple maintenance steps without warning that they delete data or remove packages automatically. In an agent skill context, concise command references can be acted on directly by an automated system or copied by users without understanding side effects, increasing the chance of unintended data loss or removal of needed packages.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
`sync; echo 3 > /proc/sys/vm/drop_caches` is a privileged, disruptive command that can temporarily degrade performance and is often misunderstood as a harmless optimization. Presenting it without warning or context is risky in a sysadmin skill because an agent or user may execute it reflexively during troubleshooting, causing service disruption or masking the real performance issue.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script performs multiple destructive system maintenance actions immediately, including package removal, deletion of temporary files, journal vacuuming, and cache dropping, without any confirmation, dry-run mode, privilege checks, or safeguards. In a sysadmin skill context this is especially risky because users may invoke it as routine maintenance on a host system, causing unintended data loss or service disruption if run at the wrong time or with unexpected environment state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal