DrugFlow

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent DrugFlow automation toolkit, but it gives agents credentialed, token-consuming job and upload authority without enough safety controls or secret-handling guidance.

Install only if you intend an agent to operate a real DrugFlow account. Use a low-privilege account, avoid putting passwords directly in commands, protect and delete cookie files, verify the target DrugFlow URL, and confirm before uploading proprietary molecular data or creating jobs that may consume account or team tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The description frames the skill as an executable end-to-end workflow runner for login, registration, workspace access, balance retrieval, and job execution, but does not warn that these actions may authenticate to services, consume credits/tokens, mutate remote state, or expose user-provided data to external systems. In an agent setting, that omission can cause unsafe autonomous execution of impactful operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
These workflow instructions describe multipart file uploads and `POST /api/jobs` creation for docking and related flows, including transmission of PDB/ligand content to a remote API, without disclosing confidentiality, integrity, cost, or mutation risks. Because the skill is specifically designed to submit computational jobs, the surrounding context makes the missing warning more dangerous, not less, since execution is the primary purpose of the skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document includes concrete authentication and session-cookie handling examples using real endpoints and a persistent cookie jar path, but provides no warning about protecting credentials, avoiding shared systems, or safeguarding session artifacts. In an agent skill context, this is more dangerous because agents may copy these commands verbatim, potentially logging secrets or leaving reusable session cookies on disk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file instructs users to authenticate by sending raw email/password credentials to a remote endpoint and storing session cookies in a local file under /tmp, but it provides no warning about credential handling, cookie sensitivity, or risks on shared systems. In a skill intended for agent execution, this is dangerous because it normalizes automated credential submission and persistence of reusable session state that could be exposed to other local users, logs, or follow-on steps.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to authenticate with real credentials and persist a session cookie at a predictable path inside the world-writable /tmp directory, with the file's permissions left to the caller's umask, and without any warning about protecting credentials, cookie reuse, cleanup, or avoiding shared systems. In an agent-skill context, this is risky because operators may copy-paste the commands verbatim, leaving reusable authenticated session state on disk and increasing the chance of credential or session theft.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document instructs users to authenticate with real credentials and persist an active session in a cookie jar file, but it provides no warning about protecting credentials, avoiding shared or world-readable temp paths, or clearing session artifacts after use. In an agent-skill context, this increases the chance that secrets or authenticated session cookies are exposed via logs, reused across runs, or left on disk where other local users/processes can access them.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation shows a command line example with `--email user@example.com --password secret`, which normalizes passing credentials directly as shell arguments. In real use, command-line arguments may be exposed through shell history, process listings, logs, CI output, or shared terminal transcripts, increasing the chance of credential disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script requires a password via the --password command-line argument, which can expose credentials through shell history, process listings, audit logs, CI job logs, and other system telemetry. Because this skill is designed to run authenticated API workflows, users are likely to provide real production credentials, making accidental disclosure materially risky.

External Transmission

Medium
Category
Data Exfiltration
Content
2. This repo defaults to session auth for REST APIs.
3. Sign in:
```bash
curl -sS -c /tmp/drugflow.cookies -b /tmp/drugflow.cookies \
  -X POST "http://127.0.0.1:8888/signin" \
  -d "email=YOUR_EMAIL" \
  -d "password=YOUR_PASSWORD"
```
Confidence
88% confidence
Finding
Matched snippet: the `/signin` sign-in command shown above, followed by the opening of the `## 1) Workspace and Balance` section (snippet truncated).

External Transmission

Medium
Category
Data Exfiltration
Content
1. Base URL example: `https://new.drugflow.com`
2. Session auth by `/signin`:
```bash
curl -sS -c /tmp/drugflow.cookies -b /tmp/drugflow.cookies \
  -X POST "https://new.drugflow.com/signin" \
  -d "email=YOUR_EMAIL" \
  -d "password=YOUR_PASSWORD"
```
Confidence
93% confidence
Finding
Matched snippet: the `/signin` sign-in command shown above, followed by the opening of the `## 1) Workspace and Balance` section (snippet truncated).
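The findings above all trace back to the same two lines of the skill: a password handed to a command as an argument, and a session cookie jar written to a fixed path under /tmp. The script below is an added example written for this page, not code from the DrugFlow skill or from the SkillSpector report, showing how an operator would wrap the skill's `/signin` step so that the credential never reaches argv, the cookie jar lives in a private directory that is destroyed on exit, and the target URL is checked against an allowlisted host before anything is sent. The `/signin` endpoint and the cookie-jar pattern are the skill's own; the variable names `DRUGFLOW_ALLOWED_HOST`, `DRUGFLOW_PASSWORD`, `DRUGFLOW_EMAIL` and the `df_*` function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the DrugFlow skill or of the SkillSpector report.
# Hardened replacement for the skill's sign-in step
#   curl -c /tmp/drugflow.cookies -b /tmp/drugflow.cookies -X POST "$BASE/signin" \
#        -d email=... -d password=...
# addressing the findings above:
#   - the password comes from $DRUGFLOW_PASSWORD or a silent prompt and is handed to curl
#     through a config read from stdin, so it is absent from argv (ps), shell history and
#     CI command echo;
#   - the cookie jar lives in a fresh 0700 mkdtemp directory instead of a predictable /tmp
#     path and is destroyed by an EXIT trap, so no reusable session survives the run;
#   - the base URL must be https and its host must equal an operator-set allowlist entry.
# DRUGFLOW_ALLOWED_HOST, DRUGFLOW_PASSWORD, DRUGFLOW_EMAIL and the df_* names are
# assumptions for this example; /signin and the cookie-jar usage are the skill's own.
set -eu

: "${DRUGFLOW_ALLOWED_HOST:=new.drugflow.com}"

# df_check_url URL -> 0 if URL is https and its host is $DRUGFLOW_ALLOWED_HOST, else 1.
# Userinfo is stripped before comparing, so "https://new.drugflow.com@evil.example/" fails.
df_check_url() {
  local url="$1" host
  case "$url" in
    https://*) ;;
    *) return 1 ;;        # plaintext http would expose email, password and session cookie
  esac
  host="${url#https://}"
  host="${host%%/*}"      # drop path
  host="${host##*@}"      # drop userinfo
  host="${host%%:*}"      # drop port
  [ "$host" = "$DRUGFLOW_ALLOWED_HOST" ]
}

# df_make_cookie_jar -> prints the path of an empty 0600 cookie jar in a private 0700 dir.
# The directory mode is the protection that matters: curl may recreate the file itself
# when it rewrites the jar, so a mode set on the file alone cannot be relied on.
df_make_cookie_jar() {
  local dir
  dir="$(umask 077 && mktemp -d "${TMPDIR:-/tmp}/drugflow.XXXXXX")"
  (umask 077 && : > "$dir/cookies")
  printf '%s\n' "$dir/cookies"
}

# df_cleanup JAR -> destroy the jar and its directory. Install: trap 'df_cleanup "$jar"' EXIT
df_cleanup() {
  local jar="$1"
  if [ -e "$jar" ]; then
    shred -u "$jar" 2>/dev/null || rm -f "$jar"   # shred is GNU-only; fall back to rm
  fi
  rmdir "$(dirname "$jar")" 2>/dev/null || true
}

# df_signin BASE_URL EMAIL JAR -> POST /signin and store the session cookie in JAR.
# -f makes an HTTP error status a non-zero exit instead of a silently empty jar.
df_signin() {
  local base="$1" email="$2" jar="$3" pw
  df_check_url "$base" || {
    echo "refusing to sign in: $base is not https://$DRUGFLOW_ALLOWED_HOST" >&2; return 1; }
  if [ -n "${DRUGFLOW_PASSWORD:-}" ]; then
    pw="$DRUGFLOW_PASSWORD"
  else
    printf 'DrugFlow password for %s: ' "$email" >&2
    read -rs pw; echo >&2
  fi
  # curl config syntax: backslash and double quote inside a quoted value must be escaped.
  pw="$(printf '%s' "$pw" | sed 's/[\\"]/\\&/g')"
  email="$(printf '%s' "$email" | sed 's/[\\"]/\\&/g')"
  printf 'data-urlencode = "email=%s"\ndata-urlencode = "password=%s"\n' "$email" "$pw" |
    curl -sS -f -K - -c "$jar" -b "$jar" "$base/signin"
}

# Usage (the jar never outlives the process that created it):
#   jar="$(df_make_cookie_jar)"; trap 'df_cleanup "$jar"' EXIT
#   df_signin "https://new.drugflow.com" "${DRUGFLOW_EMAIL:?set DRUGFLOW_EMAIL}" "$jar"
#   ... the skill's workspace, balance and job calls then pass -b "$jar" ...
```

`printf` is a shell builtin, so the password passes from the shell to curl over a pipe rather than through any process's argument list; `curl -K -` reads the `data-urlencode` options from that pipe. Job-creating and upload steps from the skill should still be gated behind an explicit operator confirmation, since this wrapper only hardens authentication, not what the authenticated session is then used for.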

VirusTotal

65/65 vendors flagged this skill as clean.
