In Silico Perturbation Oracle

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it needs review because it presents simulated bioinformatics outputs as production-ready model-backed predictions that could influence wet-lab decisions.

Install only if you understand this appears to be a demo/framework rather than a validated scientific predictor. Do not use its scores, differential expression tables, synergy calls, or wet-lab recommendations for real experimental planning without independent validation and code changes that perform genuine model inference. Run it in an isolated Python environment and avoid sensitive or proprietary biomedical inputs unless you have reviewed the dependencies and data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The file presents itself as a foundation-model-based virtual gene knockout predictor, but the implemented prediction path relies on simulated/random outputs rather than real model inference. In a bioinformatics decision-support context, this can mislead users into treating fabricated results as scientifically grounded evidence, which may drive incorrect target prioritization and downstream wet-lab work.

Intent-Code Divergence

High
Confidence: 99%
Finding
The documentation states that biological foundation models are used for in silico perturbation, while the code explicitly falls back to mock loading and placeholder perturbation simulation. This mismatch is dangerous because it creates false provenance for outputs in a sensitive scientific domain where users may rely on the tool for experimental planning.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The combinatorial knockout feature claims to analyze double knockouts, but the 'double' result is produced by calling the single-gene workflow with both genes and later using only the first result entry to compute synergy. This can generate incorrect synergy assessments and mislead users into believing pairwise interaction effects were modeled when they were not.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill states high-risk network/API and file write behavior, but it does not clearly disclose what user data, gene lists, cell types, datasets, or model inputs may be transmitted to external services or persisted locally. In a bioinformatics context, this can expose proprietary research targets, unpublished results, or potentially sensitive biomedical data without informed user consent.

VirusTotal

64/64 vendors flagged this skill as clean.
