ClawHub

Systematic Review Screener

Security checks across malware telemetry and agentic risk

Overview

This is a local research-screening helper whose file access and outputs fit its stated purpose, though users should review its defaults before relying on results.

Install only if you are comfortable running a local Python script over your reference files. Before real use, fix or verify the dependencies, edit the YAML criteria to match your protocol, remove or justify English-only filtering, and manually review conflicts and exclusions before reporting results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly instructs users to run a Python script that reads input files and writes output files, but the manifest does not declare any corresponding permissions or constraints. This creates a transparency and policy-enforcement gap: operators may trust the skill as lower-risk than it is, and any runtime permission framework cannot accurately gate file access.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The example criteria hard-code `allowed: ["English"]`, which can silently exclude non-English studies without explicit user approval or methodological justification. In a systematic review context, this can bias evidence selection, undermine reproducibility, and lead to incomplete or skewed research conclusions.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The code automatically excludes records when its heuristic language check falls below a threshold, even though language detection is simplistic and there is no explicit user opt-in or documented justification tied to review protocol. In a systematic-review screening tool, this can silently bias evidence selection and cause wrongful exclusion of relevant studies, undermining research integrity and reproducibility.

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
yaml
Confidence
97% confidence
Finding
dataclasses

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
yaml
Confidence
99% confidence
Finding
yaml

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal