NL-to-SQL Query Builder

Security checks across malware telemetry and agentic risk

Overview

The skill's code matches its stated NL-to-SQL purpose, but it can write database credentials and sensitive query logs to local files without redaction or clear access controls.

Review before installing in any environment with real business data. Use only with read-only database credentials, avoid embedding passwords in database URLs, restrict permissions on audit.db and exported JSON files, and add redaction, retention, and authorization controls before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The statistics logic is flawed when a date range is supplied: queries such as `WHERE executed = 1 {where_clause}` and `WHERE error IS NOT NULL {where_clause}` can produce invalid SQL or incorrect filtering because a second `WHERE` is appended instead of combining conditions with `AND`. In a compliance-oriented audit logger, inaccurate or broken reporting undermines monitoring, incident review, and regulatory evidence, even if it is not a direct code-execution issue.
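The following is an added example written for this review, not the skill's own code, showing the defect the finding describes and the usual fix. The table layout, column names and sample rows are constructed assumptions; `broken_stats_sql` reproduces the quoted pattern (a fixed `WHERE` followed by a pre-built clause that also starts with `WHERE`), and `stats_sql` collects every condition first and emits a single `WHERE ... AND ...` with the date bounds passed as bound parameters.

```python
import sqlite3
from typing import Optional

# Constructed sample audit rows (not from the skill's real audit.db):
# (query_text, executed, error, executed_at)
SAMPLE_ROWS = [
    ("list customers", 1, None, "2024-03-01T10:00:00"),
    ("top 10 orders", 1, None, "2024-03-05T11:30:00"),
    ("drop table orders", 0, "blocked: write statement", "2024-03-05T12:00:00"),
    ("revenue by region", 1, "timeout", "2024-04-02T09:15:00"),
]


def make_audit_db() -> sqlite3.Connection:
    """Create an in-memory stand-in for audit.db and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE audit_log (id INTEGER PRIMARY KEY, query_text TEXT, "
        "executed INTEGER NOT NULL, error TEXT, executed_at TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO audit_log (query_text, executed, error, executed_at) "
        "VALUES (?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def broken_stats_sql(where_clause: str) -> str:
    """The pattern the finding quotes: a fixed WHERE followed by a pre-built
    clause that itself begins with WHERE."""
    return f"SELECT COUNT(*) FROM audit_log WHERE executed = 1 {where_clause}"


def broken_query_fails(conn: sqlite3.Connection) -> bool:
    """With a date range supplied, the broken builder emits two WHERE
    keywords and SQLite rejects the statement."""
    try:
        conn.execute(broken_stats_sql("WHERE executed_at >= ?"), ("2024-03-01",))
        return False
    except sqlite3.OperationalError:
        return True


def stats_sql(base_conditions, date_from: Optional[str], date_to: Optional[str]):
    """Fixed builder: gather all conditions, then emit one WHERE joined with
    AND. Date bounds are bound parameters, never interpolated into the SQL."""
    conds = list(base_conditions)
    params = []
    if date_from:
        conds.append("executed_at >= ?")
        params.append(date_from)
    if date_to:
        conds.append("executed_at <= ?")
        params.append(date_to)
    where = f" WHERE {' AND '.join(conds)}" if conds else ""
    return f"SELECT COUNT(*) FROM audit_log{where}", params


def get_statistics(conn, date_from=None, date_to=None) -> dict:
    """The counts a compliance report needs; every count applies the same
    date filter, so the numbers are consistent with each other."""
    result = {}
    for name, base in (("total", []),
                       ("executed", ["executed = 1"]),
                       ("errors", ["error IS NOT NULL"])):
        sql, params = stats_sql(base, date_from, date_to)
        result[name] = conn.execute(sql, params).fetchone()[0]
    return result


if __name__ == "__main__":
    db = make_audit_db()
    print("broken builder raises:", broken_query_fails(db))
    print("all time:", get_statistics(db))
    print("March 2024:", get_statistics(db, "2024-03-01", "2024-03-31"))
```

Running the block shows the broken builder raising `sqlite3.OperationalError` for any date-filtered report, while the fixed builder returns the same three counts with or without a range. The silent variant of this bug, where the second clause is concatenated in a way the database accepts but interprets differently, is why the conditions are collected in one list rather than patched together as strings.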

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly advertises a full audit trail that tracks all queries and interpretations, but the description provides no indication of redaction, minimization, retention limits, or user notice. In an NL-to-SQL workflow, user queries and generated interpretations can easily contain sensitive business data, schema details, credentials embedded in prompts, or personal data, so indiscriminate logging creates a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence: 91%
Finding
`export_audit_log` writes complete audit records—including user queries, generated SQL, user IDs, and session IDs—to any caller-supplied file path with no access control, path restrictions, redaction, or consent checks. In the NL-to-SQL context, these logs can contain sensitive business data, personal identifiers, and query intent, so unrestricted export increases the risk of data leakage and unauthorized local file writes.

Missing User Warnings

Medium
Confidence: 83%
Finding
The `export_log` method writes the full fallback review log, including raw query text, `user_id`, timestamps, context, and potentially modified queries, to an arbitrary file path without redaction, access control, or audit safeguards. In an NL-to-SQL system, these fields may contain sensitive business data, personal data, or internal schema details, so exporting them to disk can create a data leakage risk if the file is stored insecurely or written to an attacker-controlled location.

Missing User Warnings

Medium
Confidence: 97%
Finding
The generated JSON includes the raw database URL, which may contain embedded usernames and passwords for non-SQLite connections. Writing those credentials to an output file can leak secrets to other users, logs, backups, source control, or downstream tools that consume the JSON, especially in an NL-to-SQL skill where artifacts may be broadly shared.
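The three export findings above (`export_audit_log`, `export_log`, and the raw database URL in the generated JSON) together with the overview's recommendations call for one set of controls around any file the skill writes. The following is an added example written for this review, not the skill's code: it confines a caller-supplied path to a fixed export directory, strips the password from the database URL, pseudonymises user and session IDs with a keyed hash, masks secret-looking fragments in query text and generated SQL, and creates the file owner-read/write only without overwriting. The key, the allow-listed field names, the secret regex, and the sample record are all assumptions.

```python
import hashlib
import hmac
import json
import os
import re
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# Hypothetical pseudonymisation key for user/session IDs. A real deployment
# loads this from a secret store instead of hard-coding it.
PSEUDONYM_KEY = b"example-key-replace-me"

# Minimal pattern for secrets users tend to paste into natural-language prompts;
# extend to match the data classification in use.
SECRET_RE = re.compile(r"(?i)\b(password|passwd|token|api[_-]?key)\s*[=:]\s*\S+")

# Fields copied through unchanged; everything else is hashed, masked or dropped.
ALLOWED_PLAIN_FIELDS = ("timestamp", "executed", "error")


def redact_db_url(url: str) -> str:
    """Replace an embedded password in a database URL with '***'.
    sqlite URLs and URLs without credentials are returned unchanged."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.hostname or ""
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    netloc = f"{parts.username or ''}:***@{host}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def pseudonymize(value: str) -> str:
    """Keyed hash: records stay linkable for incident review without exposing IDs."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def redact_record(record: dict) -> dict:
    """Allow-list the fields that leave the system, hash identifiers, and
    mask secret-looking fragments in query text and generated SQL."""
    out = {k: record[k] for k in ALLOWED_PLAIN_FIELDS if k in record}
    for key in ("user_id", "session_id"):
        if key in record:
            out[key] = pseudonymize(str(record[key]))
    for key in ("query_text", "generated_sql"):
        if key in record:
            out[key] = SECRET_RE.sub(r"\1=[REDACTED]", record[key])
    return out


def resolve_export_path(requested: str, export_dir: str) -> Path:
    """Confine the caller-supplied path to export_dir and require a .json name.
    Absolute paths and '..' traversal resolve outside the base and are rejected."""
    base = Path(export_dir).resolve()
    target = (base / requested).resolve()
    if target.suffix != ".json":
        raise ValueError("export file must end in .json")
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"export path escapes {base}") from None
    return target


def is_safe_export_path(requested: str, export_dir: str) -> bool:
    """Boolean form of resolve_export_path for callers that only need a check."""
    try:
        resolve_export_path(requested, export_dir)
        return True
    except ValueError:
        return False


def export_audit_log(records, db_url: str, requested_path: str, export_dir: str) -> Path:
    """Write a redacted export, mode 0600, refusing to overwrite an existing file."""
    target = resolve_export_path(requested_path, export_dir)
    payload = {
        "database_url": redact_db_url(db_url),
        "records": [redact_record(r) for r in records],
    }
    # O_EXCL makes a pre-existing file (or a planted symlink) an error, not a target.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(payload, fh, indent=2)
    return target
```

A second export to the same name raises `FileExistsError` rather than clobbering the earlier file; the caller chooses a new name or rotates the old one explicitly. The pseudonymised IDs remain stable across exports as long as the key is stable, which is what makes them usable for incident review while keeping the raw `user_id` and `session_id` out of the file.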

VirusTotal

64 of 64 vendors reported this skill as clean.
