Adaptive Trial Simulator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local clinical-trial simulation script, but its statistical outputs and dependency hygiene need careful expert review before use.

Install in an isolated Python environment, pin and review NumPy/SciPy/Matplotlib versions before serious use, and choose the output path deliberately because files may be overwritten. Treat results as research support only; have assumptions, code behavior, and operating-characteristic estimates reviewed by qualified biostatistics and regulatory experts before using them for clinical-trial decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding: The code hard-codes sample size re-estimation to occur only when the simulator knows it is running under the alternative hypothesis, using simulation truth rather than observable trial data. This leaks oracle knowledge into the adaptive rule, producing biased power/Type I error estimates and potentially unsafe trial design recommendations that could invalidate a clinical study.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding: The script writes results to a user-controlled file path without validation or confinement. In higher-privilege or automated environments, this can overwrite arbitrary files accessible to the process, causing data loss, tampering with outputs, or clobbering operational files.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  dataclasses
  matplotlib
  numpy
  scipy
Confidence: 88%
Finding: numpy

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  dataclasses
  matplotlib
  numpy
  scipy
Confidence: 86%
Finding: scipy

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 91%
Finding: numpy

Known Vulnerable Dependency: scipy — 4 advisory(ies): CVE-2013-4251 (SciPy creates insecure temporary directories); CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temporary dire); CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovered in scipy) +1 more

Severity: High
Category: Supply Chain
Confidence: 89%
Finding: scipy

VirusTotal

64/64 vendors flagged this skill as clean.
