ClawHub

Mechanism Flowchart

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple, disclosed local Python tool for turning medical mechanism text into Mermaid diagrams, with only minor scoping and dependency hygiene notes.

Use this for non-sensitive educational or publication diagram drafting, review the local Python script before running it, and avoid installing unnecessary unpinned dependencies. Do not rely on it for medical advice or clinical decision-making, and keep use scoped to provided mechanism/pathway text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
Broad invocation guidance such as using the skill for generic data analysis tasks can cause the agent to apply this skill outside its narrowly intended domain, increasing the chance of unsafe input handling, inappropriate file/script execution, or misuse of packaged workflows. In an agent system, over-broad routing language is dangerous because it expands the conditions under which untrusted inputs may reach executable components like scripts/main.py.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The finding indicates the skill can be invoked from an overly broad manifest-style description without clear trigger constraints. In an agent setting, ambiguous invocation boundaries can cause the skill to run on unintended prompts, increasing the chance of scope drift, misuse on unsupported inputs, or unsafe downstream execution paths; this is reinforced by the stress-case failure already recorded for scope and boundary guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal