Code Refactor for Reproducibility

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local research-code refactoring helper. Its file-generation behavior is expected, but users should review some setup hygiene points.

Install/use this only for research-code reproducibility work. Run it in a sandbox or disposable working directory, choose a fresh output directory, inspect requirements.txt before installing dependencies, and review generated reproducibility_info.json before sharing results because it may include hostname and package inventory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation description is broad enough to match many ordinary coding and research-assistance requests, which can cause the skill to trigger in contexts beyond its intended workflow. Because the skill includes command execution and file modification guidance, overbroad invocation expands the chance of applying powerful actions in unsuitable or insufficiently reviewed situations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The 'When to Use' section repeatedly describes positive matches but does not define clear stop conditions or exclusions, making it easy for the skill to be used on adjacent tasks. In a skill that recommends editing code, running scripts, and generating environment setup, ambiguous scope increases the risk of unsafe execution or unintended repository changes.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script recursively reads an attacker- or user-selected input tree and writes a large set of files into a user-selected output directory with no overwrite protection, dry-run mode, or explicit confirmation. In practice, this can destroy or pollute existing directories, especially if pointed at an important path, causing integrity loss and unintended filesystem modification.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The generated code collects host metadata such as hostname, platform, Python version, and installed packages and writes it to disk without meaningful user notice or consent. In research and enterprise settings, that inventory can leak sensitive environment details, aiding fingerprinting, internal host identification, or unintentional disclosure when results are shared.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The generated code executes `pip freeze` automatically to collect environment information without disclosing that behavior in the skill. While the command is fixed, it still triggers external process execution and creates a detailed software inventory that may be sensitive or unexpected in restricted environments.

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
Confidence
95% confidence
Finding
numpy

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
src
Confidence
95% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
src
Confidence
94% confidence
Finding
pytest

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
src
Confidence
95% confidence
Finding
scipy

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
pytest
scipy
src
Confidence
89% confidence
Finding
src

VirusTotal

66/66 vendors flagged this skill as clean.
