100Critical
The skill performs unauthorized remote code execution and network access while bypassing security constraints by failing to declare its tool surface and capabilities.
Skill Info
Nameclickhouse/agent-skills/clickhousectl-local-dev
Registrygithub
Version544384f4fab1
PURLpkg:github/clickhouse/agent-skills@544384f4fab1?skill=clickhousectl-local-dev
Stars468
Installs1,000
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
1,000 installs
Skills.shDocs
npx skills add https://github.com/clickhouse/agent-skillsAssessments (2)
AI Agent Traps ↗Remote code download and execution detectedcriticalcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Remote code download and execution detected
100% confidenceline 36
curl -fsSL https://clickhouse.com/cli | sh
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/clickhouse/agent-skills/clickhousectl-local-dev)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/clickhouse/agent-skills/clickhousectl-local-dev"><img src="https://mondoo.com/ai-agent-security/api/badge/github/clickhouse/agent-skills/clickhousectl-local-dev.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/clickhouse/agent-skills/clickhousectl-local-dev.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow