ClawHub

Network Tox Docking Research Planner

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only research planning skill for network toxicology and docking studies, with no code execution, secrets access, persistence, or hidden data handling found.

Install only if you want an agent to help draft computational toxicology and docking study plans. Avoid entering confidential chemical structures, unpublished targets, or proprietary study details into public databases or docking services unless you have checked their terms and data-retention policies. Treat outputs as hypothesis-generating research plans, not proof of toxicity, causality, or clinical relevance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger text is excessively broad and includes casual phrases like 'I want to study how chemical X affects disease Y' and 'help me design a toxicology paper,' plus an instruction to 'always use this skill.' This can cause the skill to activate for loosely related or ambiguous requests, increasing the chance of misrouting users into a specialized biomedical workflow when they intended something else, including requests that may involve hazardous toxicants or regulated research topics.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The instruction 'Activate this sequence whenever Hard Rule 11 fires' references an internal rule that is not defined in this file, creating an ambiguous control condition for a recovery workflow. In an agent skill, undefined gating logic can cause inconsistent behavior, accidental triggering, or failure to trigger safeguards, which weakens reliability and can be abused if other components interpret the missing rule differently.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal