ClawHub

ADME Property Predictor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local small-molecule ADME prediction helper with some documentation and dependency hygiene issues, but no evidence of hidden, destructive, credential-seeking, or unrelated behavior.

Reasonable to install if you need local, rough ADME estimates for small molecules. Use only valid SMILES strings or CSV files with SMILES data, run it in a virtual environment, pin or review dependencies if reproducibility matters, and do not treat its outputs as experimental or regulatory-grade evidence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation includes example invocations using clinical-style free text despite the skill being a molecule/SMILES-based ADME predictor. That contradiction can mislead an agent into feeding arbitrary text into the tool, producing nonsensical outputs, fallback behavior, or accidental downstream misuse of fabricated-looking results as if they were valid pharmacokinetic predictions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The 'When to Use' section is broad enough to attract generic data-analysis tasks outside the tool's real scope. In an agent setting, overbroad routing guidance is dangerous because it increases the chance that the skill is selected for inappropriate tasks, where it may fail open, generate irrelevant outputs, or trigger unintended script execution on unsuitable inputs.

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
rdkit
Confidence
97% confidence
Finding
dataclasses

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
rdkit
Confidence
99% confidence
Finding
rdkit

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal