ClawHub

SMILES De-salter

Security checks across malware telemetry and agentic risk

Overview

This is a local chemistry utility that reads user-chosen SMILES data and writes a de-salted output file, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Reasonable to install for local SMILES de-salting. Use a virtual environment, pin or review pandas and rdkit versions for reproducibility, and choose input and output paths carefully because the script can write or overwrite the specified output file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
71% confidence
Finding
The trigger guidance is broad enough to encourage use for generic 'data analysis tasks' beyond strict SMILES de-salting. Over-broad invocation criteria can lead operators or agents to route unrelated inputs into a file-processing script, increasing the chance of misuse, unsafe assumptions, and processing of unintended or sensitive data.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The skill documents writing output files but does not clearly warn about overwrite behavior, destination restrictions, or safe file handling. In automated environments, that omission can cause accidental clobbering of existing files or writing results to unintended locations, especially when output paths are user-supplied.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
rdkit
Confidence
96% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
rdkit
Confidence
95% confidence
Finding
rdkit

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal