Optional Strict Instructions 可选择的严格指令

Security checks across malware telemetry and agentic risk

Overview

This skill is safety-oriented, but it includes an overbroad shell helper that can run arbitrary commands with sudo and handles sudo passwords unsafely.

Review carefully before installing. Use the written confirmation checklist only as guidance, do not pass sudo passwords to the agent or script arguments, and manually inspect any delete, sudo, package-install, service-management, account, database, or system-configuration command before approving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The header frames the script as a safe 'strict execution' template, but the implementation exposes a generic arbitrary command execution path via `sudo-cmd` and `sh -c`. That mismatch is dangerous because users or downstream agents may trust the script as a constrained safety helper when it actually enables broad command execution, including privileged execution.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation criteria are very broad and could cause this skill to trigger on many ordinary requests involving files, system changes, or explicit user methods. Over-broad activation increases the chance that high-risk operational guidance, including destructive or privileged command patterns, is injected into contexts where it was not necessary.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The usage examples explicitly support passing a sudo password as a command-line argument. Command-line arguments are commonly exposed via process listings, shell history, audit logs, and orchestration tooling, making credential disclosure likely.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup.$(date +%s)

2. Add gzip configuration:
   sudo sed -i '/http {/a\\    gzip on;\\n    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' /etc/nginx/nginx.conf

3. Validate syntax:
   sudo nginx -t
Confidence
80% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
2. Non-interactive creation
   sudo useradd -m -s /bin/bash deploy
   sudo passwd deploy

3. Create a user with a specific UID/GID
   sudo useradd -m -u 1500 -g 1500 deploy
Confidence
77% confidence
Finding
sudo

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Found file: /home/user/important.pdf (2.3MB, owned by user)

The user specified deletion with sudo. Executing:
sudo rm -f "/home/user/important.pdf"
```

**Phase 3: Execution**
Confidence
95% confidence
Finding
rm -f "/home/user/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**Phase 3: Execution**
```
Executing sudo command:
$ sudo rm -f "/home/user/important.pdf"
```

**Phase 4: Handling Results**
Confidence
95% confidence
Finding
rm -f "/home/user/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Scenario 1: File Deletion with Explicit Method

### User Request
"Use sudo to delete /home/user/important.pdf"

### Step-by-Step Response
Confidence
84% confidence
Finding
delete /home/user/important.pdf

Chaining Abuse

High
Category
Tool Misuse
Content
Installing docker requires sudo privileges. Please choose:

1. Standard installation (recommended)
   sudo apt update && sudo apt install docker.io

2. Update repositories only
   sudo apt update
Confidence
86% confidence
Finding
&& sudo

VirusTotal

64/64 vendors flagged this skill as clean.