Inclusion Criteria Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PatSnap life-science research helper that uses external MCP services and web search for drug, patent, and clinical-trial intelligence.

Install only if you are comfortable configuring PatSnap MCP access and sending target, drug, company, indication, or trial queries to external services. Avoid entering confidential protocol drafts, unpublished strategy, patient data, or proprietary study materials unless your organization permits that use with PatSnap and any web-search providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 83%
Finding
The activation text is very broad and can trigger on a wide range of clinical trial, recruitment, and competitor-analysis requests without clear boundaries. Overbroad triggering increases the chance the skill is invoked inappropriately on sensitive protocol content or strategic data, leading to unnecessary file/network actions and disclosure of regulated or confidential information.

Missing User Warnings

Medium
Confidence: 91%
Finding
The markdown describes external API/network use and writing output files, but does not provide user-facing warnings about what data may be transmitted, stored, or modified. In a pharma context, this is especially risky because protocol drafts, eligibility criteria, and feasibility inputs may contain confidential business information or sensitive study details that should not be sent externally or written broadly without notice.

VirusTotal

61/61 vendors flagged this skill as clean.
