Neoantigen Predictor

Security checks across malware telemetry and agentic risk

Overview

The files are a mostly coherent NIH biosketch generator, but the published name and slug describe a different tool, so users could install it under a mistaken expectation.

Review this before installing because the package appears in metadata as 'Neoantigen Predictor' but actually installs an NIH biosketch generator. Only use it if that is the tool you want, run it in an isolated Python environment, fix the dependency declaration to the intended python-docx package, and treat PubMed import/search options as network calls that send PMIDs or author query terms to NCBI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises executable Python code with file read/write and network behavior but does not declare permissions or equivalent capability boundaries. This is dangerous because a caller or platform may treat the skill as lower risk than it is, leading to unintended data access, outbound requests, or file creation without informed approval or sandboxing.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The declared purpose is biosketch generation, but the documented behavior also includes PubMed searching, external API access, and generation of additional JSON/publication export artifacts. This mismatch is risky because operators may approve or invoke the skill for document formatting while overlooking that it can transmit user-supplied data externally and create extra files beyond the expected deliverable.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill metadata says it generates NIH biosketch documents, but this code also performs outbound network access to PubMed and exports publication JSON. That scope mismatch is security-relevant because users or orchestrators may grant it broader capabilities than expected, enabling unexpected data egress, network activity, or workflow abuse under a seemingly document-only skill.

Description-Behavior Mismatch

Low
Confidence
88% confidence
Finding
The CLI exposes additional operational modes for template generation and publication JSON output that are not reflected in the declared skill purpose. While not directly code-execution dangerous, this mismatch weakens trust boundaries and can cause an agent platform or user to invoke file-writing behaviors outside the expected biosketch-generation scope.

Unpinned Dependencies

Low
Category
Supply Chain
Content
docx
requests
Confidence
97% confidence
Finding
docx

Unpinned Dependencies

Low
Category
Supply Chain
Content
docx
requests
Confidence
99% confidence
Finding
requests

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
95% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal