database-semantic-generator

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised database/Excel-to-YAML task, but it sends potentially sensitive spreadsheet and database sample data to asksql.ai without a clear consent step.

Review this carefully before installing, especially on company, customer, HR, finance, or regulated data. Use it only if you are comfortable sending selected spreadsheet contents and database metadata/sample values to asksql.ai, and prefer a redacted test database or non-sensitive workbook unless the publisher adds explicit opt-in, local-only mode, and clearer data-transfer documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (12)

Description-Behavior Mismatch

Medium, 96% confidence
Finding
This helper transmits entire Excel workbook contents and database schema/table payloads to a third-party service at asksql.ai. Even if this is part of intended functionality, the transmission is not clearly disclosed in the code path and may expose sensitive business data, metadata, or regulated information to an external processor.

Context-Inappropriate Capability

Medium, 99% confidence
Finding
The function prints the full table_data payload to stdout before sending it upstream. Database schema payloads can contain sensitive table names, column names, sample metadata, or connection-derived business context, and printing them can leak data into logs, consoles, CI output, or monitoring systems.

Description-Behavior Mismatch

High, 98% confidence
Finding
The database generation path sends discovered schema metadata plus sampled table content to https://asksql.ai/ask/api/generate_database_knowledge. This is a real data exfiltration risk because users invoking a locally described database-to-YAML skill would not reasonably expect database contents or representative values to be transmitted to a third-party service.

Description-Behavior Mismatch

High, 98% confidence
Finding
The Excel path uploads workbook-derived content to a remote API, which can expose proprietary or sensitive spreadsheet data outside the local environment. Because the skill description emphasizes generation from databases or Excel rather than third-party processing, this creates a misleading trust boundary and an undisclosed external transfer.

Context-Inappropriate Capability

High, 97% confidence
Finding
Before the upload, the code reads sampled rows and distinct values from selected tables and includes them in the payload sent upstream. This exceeds a narrow 'table structure definition' use case and can leak sensitive business data, identifiers, categories, or low-cardinality secrets that may be present in sample values.

Vague Triggers

Medium, 68% confidence
Finding
Broad trigger conditions can cause the skill to activate in situations where users did not intend database access, file processing, or YAML generation. In a skill that touches local files, databases, and possibly remote APIs, ambiguous activation increases the chance of over-collection or accidental execution against sensitive sources.

Missing User Warnings

Medium, 90% confidence
Finding
The skill description does not clearly warn users that it will access databases or Excel files and write generated YAML files to disk. Missing disclosure weakens informed consent and can lead users to expose sensitive local or enterprise data without understanding the operational side effects.

Missing User Warnings

High, 95% confidence
Finding
Referencing an upload API without clearly warning that workbook contents, schema metadata, and potentially sampled values may be sent over the network creates a substantial transparency and data leakage risk. In enterprise environments, schema details, comments, and sample values can themselves be sensitive and valuable to attackers or unauthorized third parties.

Missing User Warnings

Medium, 95% confidence
Finding
This code uploads Excel file contents to an external API without any visible user-facing warning, consent flow, or in-function disclosure. In this skill context, users may reasonably expect local file processing, so silently sending workbook contents off-platform increases privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium, 95% confidence
Finding
The helper sends database table payloads to a remote API without a clear warning or confirmation that external transmission will occur. Database-derived structures often reveal sensitive internal architecture and may include confidential metadata, making undisclosed export to a third party a significant data exposure risk.

Missing User Warnings

Medium, 91% confidence
Finding
This code transmits database-derived content to an external service without any visible interactive warning, confirmation, or disclosure in the file itself. Even if intended for cloud enrichment, the absence of an explicit user-facing notice increases the chance of accidental sensitive-data disclosure during normal use.

Missing User Warnings

Medium, 91% confidence
Finding
The Excel upload path similarly performs remote transfer without a visible disclosure or confirmation step at the point of use. In practice, spreadsheets often contain confidential financial, HR, or customer data, so silent upload materially raises the risk of unintended exposure.

VirusTotal

VirusTotal findings are pending for this skill version.
