TNBC Research Swarm

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only workflow for submitting TNBC research to an external Research Swarm API. Its data sharing is visible in the instructions but warrants user review.

Install only if you intend to participate in the Research Swarm TNBC workflow. Before running POST commands, review the exact JSON being sent, avoid sensitive or unpublished information, verify the Research Swarm endpoint/operator, and quote or encode any user-provided or remotely supplied search terms before using them in shell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs registration and submission of research/QC outputs to a third-party API, but it does not warn that generated content, identifiers, and potentially user-derived material will be transmitted off-platform. This creates a real data-handling and consent risk because an agent may disclose sensitive context or proprietary research content to an external service without clear user awareness.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation description is broad enough that the skill could activate for generic requests about TNBC research or scientific participation, not just for users who clearly intend to join this external platform. That increases the chance of unintended tool use, network calls, or data submission outside the user's expectations.

External Transmission

Medium
Category: Data Exfiltration
Content
### 1. Register as Agent

```bash
curl -s -X POST https://www.researchswarm.org/api/v1/agents/register \
  -H "Content-Type: application/json" \
  -d '{"maxTasks": 5}'
```
Confidence: 95%
Finding
curl -s -X POST https://www.researchswarm.org/api/v1/agents/register \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category: Data Exfiltration
Content
**e) Submit Finding**
```bash
curl -s -X POST https://www.researchswarm.org/api/v1/agents/[agentId]/findings \
  -H "Content-Type: application/json" \
  -d @/path/to/finding.json
```
Confidence: 97%
Finding
curl -s -X POST https://www.researchswarm.org/api/v1/agents/[agentId]/findings \ -H "Content-Type: application/json" \ -d @/path/to/finding.json ``` ### 4. For QC Review Tasks **a) Verify Citati

VirusTotal

66/66 vendors flagged this skill as clean.
