Protein Phylogeny

Security checks across malware telemetry and agentic risk

Overview

This is mostly a legitimate local protein-analysis workflow, but it asks for unrelated high-impact capability tags and includes under-scoped external upload and host-installation steps.

Install only if you are comfortable running local scientific scripts and dependency installers. Use a container or isolated conda/virtual environment, review the installer before running it, avoid granting crypto or purchase-related permissions, and skip Feishu/Lark export unless you explicitly intend to upload those reports and figures to that service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The implementation guide instructs the agent to create a Feishu/Lark document and upload generated content, which extends the skill from local phylogenetic analysis into external publication and data exfiltration. Because biological sequence datasets, reports, and figures may contain proprietary, unpublished, or sensitive research information, silently transmitting them to a third-party service is a meaningful security and privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The testing guide instructs users to run installation steps that fetch software and data from external sources and execute a local installer script on a fresh machine, but it does not clearly warn that these actions require network access and will modify the system. In a skill context, this can lead users or agents to make unreviewed outbound requests and install untrusted dependencies, increasing supply-chain and environment-modification risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
This section recommends system-level package installation and downloading a binary tarball, including commands that modify global system state, without a prominent warning about privileged execution and trust boundaries. That is dangerous because users may paste commands that install packages or binaries from the network directly onto their host system without verification.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The guide tells the agent to save the user-provided FASTA file to the workspace without warning the user that their data will be written to local storage. While local file writes are expected for analysis workflows, failing to disclose persistence can violate user expectations and create privacy or data-retention concerns, especially for unpublished or proprietary sequences.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The workflow directs the agent to generate multiple output files and reports on disk but does not disclose that substantial analysis artifacts will be created and retained locally. In a research setting, these artifacts can contain derived sensitive information, and undisclosed persistence increases the risk of unintended exposure through shared workspaces or later reuse.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The instructions direct the agent to upload report content and generated figures to Feishu via lark-cli without warning the user that data will leave the local environment. This creates a clear confidentiality and data-governance risk because analysis outputs may reveal unpublished results, proprietary datasets, or identifying metadata, and the transfer occurs to an external service.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script immediately installs Python packages and later attempts additional system package installs without any interactive confirmation, dry-run mode, or prominent warning that it will modify the host environment. In an agent skill context, this is risky because running the installer can unexpectedly alter a user's Python environment or system state, increasing the chance of unintended package changes or supply-chain exposure.

VirusTotal

64/64 vendors flagged this skill as clean.