DuckDB CLI skills

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only DuckDB CLI reference whose local file access and file-writing examples fit its stated data analysis and conversion purpose.

Install only if you want DuckDB CLI help. Review generated commands before running them, especially input paths, globs, COPY/export destinations, `.output` targets, and editor commands. Prefer read-only mode for existing databases when you only need inspection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
Documenting `.edit` encourages the agent to launch an external editor, which expands the skill's execution surface beyond SQL analysis and file conversion. In an agent context, invoking an editor can trigger unintended process execution or interaction with environment-controlled programs, creating opportunities for abuse or sandbox escape depending on runtime policy.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding
Referencing `DUCKDB_EDITOR`, `EDITOR`, and `VISUAL` documents behavior that depends on ambient environment variables unrelated to the skill's core purpose. In agent deployments, environment-variable-driven tool selection can be influenced by the host or attacker-controlled configuration, causing unexpected program execution.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger list includes very broad phrases such as "sql", "query", and "data analysis", which can cause the skill to activate in many unrelated contexts. Over-broad invocation increases the chance that file-reading, file-writing, or shell-adjacent capabilities are exposed when the user did not intend to use this specialist skill.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The conversion examples perform writes to output files such as `output.parquet`, `output.csv`, and `filtered.parquet` without clearly warning that they create or overwrite data on disk. In an agent setting, silent file-write guidance can lead to destructive or privacy-impacting actions if applied to sensitive paths or existing files.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
Documenting `.output file` and `.once file` without a warning normalizes writing query results to arbitrary filesystem paths. While common CLI functionality, in an automated agent context this can unintentionally persist sensitive data or modify files outside the user's expectation.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The examples for opening `my_database.duckdb` and exporting data imply persistent on-disk changes but do not explicitly warn about file creation and modification. In agent-assisted use, omission of persistence warnings can cause users to underestimate that data will be stored locally or that existing databases may be altered.

VirusTotal

64/64 vendors flagged this skill as clean.
