Ml Visualizer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local ML workflow logging tool, but its visualizer branding overstates what the script actually does.

Install only if you want a local plaintext journal for ML/data workflow notes. Treat it as a logger, not a real Yellowbrick visualization or model-diagnostic tool, and avoid entering secrets or sensitive dataset details because entries may remain searchable and exportable on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The skill is branded as Yellowbrick-style ML visualization tooling, but the documented behavior is actually a persistent local activity logger that stores arbitrary user-provided dataset notes and operations. This mismatch is security-relevant because users may trust it as a harmless visualization utility and unknowingly feed sensitive data, which is then retained, searchable, and exportable on disk.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding: The manifest presents the skill as model-selection visualization/diagnostic tooling, while the body describes a generic data pipeline journal. That deceptive scope expansion can cause unsafe user assumptions about data handling and permissions, especially when users expect analysis rather than durable logging of operational content.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The command set includes ingestion, transform, schema, validation, export, search, recent history, and pipeline logging, which materially exceeds a visualization-focused tool. In practice this broad functionality increases the chance that users enter sensitive operational or dataset information that becomes part of a persistent local record.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding: The file explicitly states that all activity is stored in plain-text logs and can be exported, which conflicts with the impression of a pure visualization library. Plain-text retention of user-entered dataset notes and operations creates confidentiality risk, especially on shared systems or when logs contain schema details, paths, data source URIs, or other sensitive metadata.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding: The branding and title imply an ML visualizer, but the content describes a broader pipeline journaling system. While this is primarily a trust and transparency issue, it can contribute to unsafe use by obscuring that the skill records and retains user activity rather than only rendering diagnostics.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding: The script presents itself as an ML visual analysis tool, but the advertised commands are largely a façade over a local logging utility. This mismatch can deceive users into entering sensitive datasets, prompts, model details, or credentials under the assumption they are being processed for analysis, when they are actually just being stored on disk.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding: The 'visualize' and similar analytics-style commands do not perform visualization or transformation; they append raw user input to log files. In a skill context, this is dangerous because users may paste proprietary data or secrets expecting computation, but the tool instead creates persistent local records that increase exposure and violate user expectations.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding: The help text says 'export <fmt>' should produce a formatted export, but the first dispatcher branch for 'export' instead logs arbitrary input as another entry type, making the real exporter unreachable. This kind of command confusion is security-relevant because it causes users to misunderstand what action the tool will take and may lead to unexpected retention of sensitive input rather than safe export behavior.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The documentation says dataset-related inputs are persistently logged and exportable, but it provides no warning about storing sensitive information. In an ML/data workflow context, users may enter schemas, source locations, validation findings, or descriptive notes that include confidential or regulated data, leading to unintended exposure through local logs or exports.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The script creates a persistent data directory under the user's home directory and stores all provided inputs there without clear upfront disclosure. In the context of a purported ML tooling skill, users are especially likely to input sensitive training data, model outputs, API tokens, or internal diagnostics, so silent persistence materially increases confidentiality risk.

VirusTotal

VirusTotal findings are pending for this skill version.