ClawHub

DNA

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is not executable malware, but it asks agents to handle raw DNA and medication-related guidance without adequate privacy or medical-safety boundaries.

Review carefully before installing. Do not provide raw DNA, VCF/FASTQ files, prescription lists, or family health details unless the publisher documents concrete local processing, deletion, retention, and clinical-safety controls. Do not change medication, supplements, or medical care based on this skill without a qualified clinician.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes processing raw genomic data and producing health, longevity, and pharmacogenomic outputs, but it does not provide clear user-facing warnings about the extreme sensitivity of DNA data, privacy risks, downstream misuse, or the limitations of the generated recommendations. In this context, users may disclose uniquely identifying medical data and act on outputs as if they were clinically validated, creating significant privacy and safety risk even if the text claims encrypted or zero-knowledge handling.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The skill language encourages users to make diet, supplement, monitoring, and drug-compatibility decisions based on genetic analysis without a strong limitation, opt-in gate, or medical disclaimer. Because the context is genomic and pharmacogenomic guidance, users are likely to interpret the outputs as personalized medical advice, which could lead to harmful self-treatment, medication changes, or delayed professional care.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal