Drug Team

Security checks across malware telemetry and agentic risk

Overview

This drug-design skill is mostly coherent, but it needs review because it can run external patent searches, write to lab-inventory data, and activate from broad triggers.

Install only if you intentionally want an automated drug-design research workflow and trust the sibling skills it calls. Do not use confidential molecule ideas, targets, or private lab inventory unless you are comfortable with external patent queries and local inventory-file changes; treat all chemistry, toxicity, patent, and procurement results as rough screening output requiring expert review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
87% confidence
Finding
The orchestrator reaches into lab stock checking and vendor scouting, which expands the skill from molecule ranking into operational procurement and inventory visibility. In a chemistry-design context, that data can reveal reagent availability and purchasing needs without clear user consent or least-privilege boundaries, increasing the risk of unnecessary exposure of sensitive lab operations.

Vague Triggers

Medium
95% confidence
Finding
The trigger list contains broad, common terms such as "patent," "novelty," and general drug-design phrases that could match user requests outside the intended scope. Because this skill launches an orchestration script and coordinates multiple subagents and external lookups, accidental invocation can cause unintended execution, unnecessary external queries, and disclosure of sensitive prompts or project context to downstream tools.
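One way to make "overly broad trigger" measurable before a skill is installed, as an added example (not code from the skill, its marketplace, or SkillSpector): score each keyword trigger against a small corpus of prompts the skill is meant for and a corpus of unrelated prompts, and flag any trigger that fires on more than a chosen share of the unrelated ones. The trigger list and both prompt corpora below are constructed for illustration, and `broad_triggers` and its threshold are assumptions, not part of any real scanner.

```python
import re
from dataclasses import dataclass

# Constructed trigger list in the shape the finding describes: a couple of broad
# single words next to narrower, domain-specific phrases. Not the skill's real list.
TRIGGERS = ["patent", "novelty", "drug design", "lead optimization", "SMILES"]

# Constructed prompts. IN_SCOPE are requests this skill should handle; OUT_OF_SCOPE
# are unrelated requests that must never launch an orchestration script.
IN_SCOPE = [
    "rank these SMILES strings by predicted potency against the target",
    "run a patent novelty check on my lead series before we file",
    "start lead optimization for the kinase hit",
    "help me with drug design for a hepatitis C protease inhibitor",
]
OUT_OF_SCOPE = [
    "summarize this software patent for the legal team",
    "is there any novelty in the second chapter of the thesis",
    "who holds the patent on the original telephone",
    "write a short essay on the novelty of impressionist painting",
    "what does the patent office fee schedule look like this year",
]


def matches(trigger: str, prompt: str) -> bool:
    """Whole-word, case-insensitive match; mirrors a keyword trigger, not an embedding one."""
    return re.search(r"\b" + re.escape(trigger) + r"\b", prompt, re.IGNORECASE) is not None


@dataclass
class TriggerReport:
    trigger: str
    in_scope_hits: int
    out_of_scope_hits: int
    out_of_scope_total: int

    @property
    def out_of_scope_rate(self) -> float:
        # Share of unrelated prompts that would launch the skill.
        return self.out_of_scope_hits / self.out_of_scope_total if self.out_of_scope_total else 0.0


def audit_triggers(triggers, in_scope, out_of_scope) -> dict[str, TriggerReport]:
    """Count, per trigger, how many in-scope and out-of-scope prompts would fire it."""
    return {
        t: TriggerReport(
            trigger=t,
            in_scope_hits=sum(matches(t, p) for p in in_scope),
            out_of_scope_hits=sum(matches(t, p) for p in out_of_scope),
            out_of_scope_total=len(out_of_scope),
        )
        for t in triggers
    }


def broad_triggers(triggers, in_scope, out_of_scope, max_out_of_scope_rate=0.2) -> list[str]:
    """Return triggers that fire on more than max_out_of_scope_rate of unrelated prompts."""
    reports = audit_triggers(triggers, in_scope, out_of_scope)
    return [t for t in triggers if reports[t].out_of_scope_rate > max_out_of_scope_rate]


if __name__ == "__main__":
    for t, r in audit_triggers(TRIGGERS, IN_SCOPE, OUT_OF_SCOPE).items():
        print(f"{t!r:22} in-scope {r.in_scope_hits}  out-of-scope {r.out_of_scope_hits}/{r.out_of_scope_total}")
    print("overly broad:", broad_triggers(TRIGGERS, IN_SCOPE, OUT_OF_SCOPE))
```

On the constructed corpora, "patent" and "novelty" fire on 3/5 and 2/5 of the unrelated prompts while the multi-word triggers fire on none, which is the distinction the finding draws: single common words are the ones that cause accidental invocation of a script-launching skill. The useful part of the check is the out-of-scope corpus; the more it resembles the organisation's real day-to-day prompts, the more honest the rate.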

Missing User Warnings

Medium
97% confidence
Finding
The skill states that triggering it runs `scripts/orchestrate.py` and performs patent scouting via web searches, but the user-facing description does not clearly warn about script execution, subagent orchestration, or external network activity. This reduces informed consent and can lead to unexpected data exposure, unintended network access, and execution of a complex workflow from a simple natural-language trigger.

Missing User Warnings

Medium
95% confidence
Finding
The script silently creates or overwrites a stock.csv file inside the lab inventory area, modifying operational data without confirmation. In a real environment this can corrupt inventory records, mask true stock levels, or poison downstream procurement decisions.

Missing User Warnings

Medium
95% confidence
Finding
The code sends user-supplied molecule identifiers, names, or SMILES-derived search terms to Google Patents without any warning, consent flow, or option to disable external transmission. In research or drug-discovery contexts, these inputs may be proprietary or embargoed, so disclosure to a third-party service can leak sensitive intellectual property and search intent.
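The two findings above, the silent overwrite of stock.csv and the unannounced transmission of molecule identifiers to Google Patents, describe the same missing control: an outbound or irreversible action taken with no opt-in. The following is an added example, not code from the skill or its `scripts/orchestrate.py`, showing what the hardened shape looks like. `PatentScout` refuses to send anything unless `allow_external` is set and records every term it does send; `write_inventory` never overwrites an existing stock.csv and instead diverts new rows to `stock.proposed.csv`. `fake_transport` is a constructed stand-in for the web request so the example runs offline, and every name here is hypothetical.

```python
import csv
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable


class ExternalQueryBlocked(RuntimeError):
    """Raised when a patent lookup would leave the machine without explicit opt-in."""


@dataclass
class PatentScout:
    """Patent lookups gated behind an explicit consent flag.

    `transport` stands in for the real HTTP request (hypothetical); the example
    records what would have been sent instead of contacting any patent service.
    """
    transport: Callable[[str], list[str]]
    allow_external: bool = False  # default off: nothing leaves the machine unless the user said so
    sent: list[str] = field(default_factory=list)

    def search(self, terms: list[str]) -> dict[str, list[str]]:
        if not self.allow_external:
            raise ExternalQueryBlocked(
                f"refusing to send {len(terms)} search term(s) to an external patent service; "
                "warn the user and set allow_external=True to proceed"
            )
        results = {}
        for term in terms:
            self.sent.append(term)  # audit trail of exactly what was disclosed
            results[term] = self.transport(term)
        return results


def fake_transport(term: str) -> list[str]:
    """Constructed stand-in for the web search so the example runs offline."""
    return [f"hit-for:{term}"]


INVENTORY_FIELDS = ["compound", "quantity_mg"]


def write_inventory(path: Path, rows: list[dict], overwrite: bool = False) -> Path:
    """Write stock rows without silently clobbering an existing inventory file.

    If `path` already exists and overwrite is False, the rows go to a sibling
    `<stem>.proposed.csv` and that path is returned, so a human merges them deliberately.
    """
    target = path
    if path.exists() and not overwrite:
        target = path.with_name(f"{path.stem}.proposed{path.suffix}")
    with target.open("w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=INVENTORY_FIELDS)
        writer.writeheader()
        writer.writerows(rows)
    return target


def demo() -> dict:
    """Exercise both guards on constructed data and return the observable outcomes."""
    blocked = PatentScout(transport=fake_transport)
    try:
        blocked.search(["c1ccccc1"])  # constructed SMILES-like term
        leaked = True
    except ExternalQueryBlocked:
        leaked = False

    permitted = PatentScout(transport=fake_transport, allow_external=True)
    hits = permitted.search(["constructed-term"])

    with tempfile.TemporaryDirectory() as tmp:
        stock = Path(tmp) / "stock.csv"
        stock.write_text("compound,quantity_mg\nreference-standard,5\n")  # pre-existing inventory
        proposed = write_inventory(stock, [{"compound": "new-lead", "quantity_mg": 10}])
        with proposed.open(newline="") as fh:
            proposed_rows = list(csv.DictReader(fh))
        return {
            "leaked_without_consent": leaked,
            "terms_sent_after_consent": permitted.sent,
            "hits": hits,
            "proposed_name": proposed.name,
            "original_untouched": stock.read_text() == "compound,quantity_mg\nreference-standard,5\n",
            "proposed_rows": proposed_rows,
        }


if __name__ == "__main__":
    print(demo())
```

The design point is that consent is a parameter the caller must set, not a prompt the script prints and ignores, and that the disclosed terms are kept so a later review can answer "what exactly left the building". Diverting to a `.proposed.csv` file keeps the real inventory authoritative; a scanner looking for the original finding would now see a write to a new file rather than an in-place overwrite.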

VirusTotal

All 64 vendors reported this skill as clean (0/64 detections). Note that antivirus verdicts look for known malware, not for the agentic-risk issues listed above; a clean VirusTotal result does not address the external transmission, inventory overwrite, or broad-trigger findings.