SageMaker Training Job

Security checks across malware telemetry and agentic risk

Overview

This SageMaker helper mostly matches its stated purpose, but it should be reviewed because it can create billable AWS jobs and automatically extracts downloaded model archives in an unsafe way.

Install only if you intentionally want an agent to run SageMaker training jobs. Use a dedicated AWS profile or short-lived role, least-privilege IAM policies, a dedicated S3 bucket, scoped iam:PassRole, and dry-run review before submitting. Avoid broad source directories, use a dedicated output directory, and disable or patch automatic artifact extraction before handling untrusted model archives.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly requires sensitive capabilities including environment access, filesystem read/write, and shell execution to package code, access AWS credentials, and run submission scripts, but it does not declare permissions explicitly. This creates a transparency and governance gap: users or orchestrators may invoke the skill without understanding it can access credentials and local files, increasing the risk of unintended data exposure or unsafe execution.

Vague Triggers

Medium
Confidence
76% confidence
Finding
Broad trigger phrases such as "SageMaker" or "cloud training" can cause the skill to activate in contexts where the user did not intend to submit or manage AWS training jobs. In a skill that can access AWS credentials, package local code, upload to S3, and launch billable cloud resources, unintended invocation can lead to cost exposure, data leakage, or accidental execution against production accounts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup guide explicitly shows configuring long-lived AWS access keys on a personal PC via `aws configure` and environment variables, but does not warn about secure storage, key rotation, shell history exposure, or preferable short-lived credential mechanisms. In a cloud-training skill that can submit jobs, pass roles, and access S3 artifacts, compromised local credentials could enable unauthorized SageMaker usage, data access, and cloud cost abuse.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script automatically extracts a tar.gz downloaded from S3 using tar.extractall() without validating member paths or warning the user. A malicious or compromised training job output could include path traversal entries or unsafe symlinks that overwrite arbitrary files on the analyst's machine when artifacts are downloaded.

VirusTotal

67/67 vendors flagged this skill as clean.
