NIH Biosketch Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward NIH biosketch document helper that writes its output to local files and offers optional PubMed lookups, but users should note the network and dependency caveats.

Install this if you need NIH biosketch drafting and formatting. Treat PubMed import/search as a networked feature: use it only when you are comfortable sending publication IDs, names, and optional affiliation terms to NCBI/PubMed. Review output paths before running because the script writes DOCX or JSON files to the provided location, and consider pinning/fixing dependencies before using it in a managed environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill advertises executable behavior with file read, file write, and network access, but does not declare any permissions or capability boundaries. This is dangerous because users and hosting platforms cannot make an informed trust decision, and a downstream agent may invoke filesystem or network operations without explicit approval or sandbox expectations.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: The documented purpose is narrowly framed as generating NIH biosketches, but the skill also describes publication lookup, PubMed imports, JSON export, and automatic metadata enrichment. This mismatch is dangerous because it conceals materially different data flows and behaviors, especially outbound requests and derivative data generation, which can lead to unexpected disclosure or execution beyond what a user consented to.

Missing User Warnings

Medium
Confidence: 90%
Finding: The usage examples describe automatic PubMed retrieval and DOCX/JSON output without clearly warning that identifiers and possibly user-supplied publication data will be transmitted to external services and written to disk. In an academic setting this can expose sensitive draft information, researcher identity linkages, or regulated project metadata through silent network and local file side effects.

Vague Triggers

Medium
Confidence: 88%
Finding: The invocation description is broad enough to encourage use beyond the narrowly defined NIH biosketch-generation task, which can cause the agent to accept out-of-scope academic writing requests and omit the stricter boundary handling expected for this skill. In this file, that concern is reinforced by the recorded stress-case failures for staying within scope and providing required boundary guidance, so the broad invocation is not merely cosmetic but plausibly contributes to unsafe routing and misuse.

Missing User Warnings

Medium
Confidence: 86%
Finding: The author search sends user-supplied name and optional affiliation data to the external PubMed API without any explicit consent prompt or privacy notice in the interface. In a research or institutional setting, this can expose personal or organizational identifiers to a third party and may violate user expectations or internal data-handling requirements.

Unpinned Dependencies

Low
Category: Supply Chain
Content: docx, requests
Confidence: 93%
Finding: docx

Unpinned Dependencies

Low
Category: Supply Chain
Content: docx, requests
Confidence: 96%
Finding: requests

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category: Supply Chain
Confidence: 97%
Finding: requests

VirusTotal

66/66 vendors flagged this skill as clean.
