Pharmaclaw Market Intel Agent

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated purpose of public pharma data lookup, but it needs review for two reasons: report filenames are built from unsanitized user queries, and the top-level metadata under-discloses the ClinicalTrials.gov workflow.

Install only if you are comfortable sending drug names, SMILES strings, and conditions to public openFDA, PubChem, and ClinicalTrials.gov endpoints. Run it in a constrained workspace, choose a safe output directory, and avoid proprietary compounds until the skill sanitizes filenames and clearly declares all network and file-write permissions.
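The filename issue called out above, as an added example that is not the skill's own code: the weak pattern the overview describes (the query string dropped straight into the report filename) beside a hardened version that reduces the query to a conservative character set and verifies the resolved path stays inside the chosen output directory. The output directory, the `report_<stem>.md` naming, and the sample queries are assumptions for illustration.

```python
"""Added example, not code from the skill under review.

The overview reports that report filenames are built from unsanitized
user queries. `unsafe_report_path` reproduces that pattern;
`safe_report_path` is one hardened alternative. Directory names and
queries below are constructed for the demo.
"""
import re
from pathlib import Path

MAX_STEM = 64  # assumption: cap stem length so long SMILES strings stay valid filenames


def unsafe_report_path(out_dir: str, query: str) -> Path:
    # Weak pattern: the query goes straight into the filename. A query
    # containing "/" (e.g. "a/../../x") escapes the chosen output directory.
    return Path(out_dir) / f"report_{query}.md"


def safe_report_path(out_dir: str, query: str) -> Path:
    """Derive a filename from the query while keeping it inside out_dir."""
    base = Path(out_dir).resolve()
    # Keep only letters, digits, dot, underscore and hyphen; collapse each run
    # of anything else (slashes, spaces, SMILES punctuation) into one "_".
    stem = re.sub(r"[^A-Za-z0-9._-]+", "_", query).strip("._-")
    if not stem:
        # Queries such as "..." or "/" clean down to nothing; use a fixed stem.
        stem = "query"
    stem = stem[:MAX_STEM]
    candidate = (base / f"report_{stem}.md").resolve()
    # Defence in depth: no separator can survive the regex, but verify the
    # resolved path still sits directly under the output directory.
    if candidate.parent != base:
        raise ValueError("report path escaped output directory")
    return candidate


def stays_inside(out_dir: str, path: Path) -> bool:
    """True if `path` resolves to a file directly inside out_dir."""
    return path.resolve().parent == Path(out_dir).resolve()


if __name__ == "__main__":
    # Constructed queries: a traversal attempt and an aspirin SMILES string.
    for q in ("a/../../escape", "../../etc/passwd", "CC(=O)Oc1ccccc1C(=O)O"):
        print(q, "->", unsafe_report_path("/tmp/reports", q).resolve(),
              "|", safe_report_path("/tmp/reports", q))
```

The regex approach is deliberately lossy: two different queries can map to the same filename, so a real implementation should also handle collisions (for example by appending a short hash of the raw query) rather than overwriting an earlier report.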

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch (High)
Confidence: 84%
Finding:
The entry point materially expands capability beyond the advertised FAERS/openFDA scope to also query ClinicalTrials.gov. In an agent ecosystem, undeclared data access and workflow expansion can bypass user and platform expectations, increasing the chance of unauthorized collection, policy evasion, or misleading tool behavior.

Description-Behavior Mismatch (Medium)
Confidence: 81%
Finding:
The manifest aggregates and presents trial-query outputs as part of the skill's normal results even though the stated description centers on FAERS/openFDA analysis. That hidden expansion makes the skill more dangerous in context because it can silently normalize broader collection and output than users or reviewers expect.
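Both mismatch findings above come down to the same check: which hosts the code actually contacts versus which ones the manifest declares. As an added example (not SkillSpector's scanner and not the skill's code), the following compares URL literals found in a skill's source against a declared network allowlist. The manifest layout, the `permissions.network` field, the source snippet and the exact API hostnames are constructed assumptions; the page only names the services (openFDA, PubChem, ClinicalTrials.gov), not their URLs.

```python
"""Added example, not the scanner's or the skill's code.

Flags network endpoints referenced in a skill's source that the manifest
does not declare. The manifest and source below are constructed to mirror
the finding: advertised scope is FAERS/openFDA, but the code also reaches
ClinicalTrials.gov (and PubChem). Hostnames are assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed manifest: advertises FAERS/openFDA only.
MANIFEST = {
    "name": "pharma-market-intel",
    "description": "Look up FAERS adverse-event reports via openFDA.",
    "permissions": {"network": ["api.fda.gov"]},
}

# Constructed source snippet standing in for the skill's entry point.
SOURCE = '''
FAERS = "https://api.fda.gov/drug/event.json"
TRIALS = "https://clinicaltrials.gov/api/v2/studies"
PUBCHEM = "https://pubchem.ncbi.nlm.nih.gov/rest/pug/compound/name/{}/cids/JSON"
'''

URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def hosts_in_source(source: str) -> set:
    """Every hostname appearing in an http(s) URL literal in the source."""
    hosts = set()
    for url in URL_RE.findall(source):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def covered(host: str, declared: set) -> bool:
    """A declared entry covers itself and its subdomains (fda.gov covers api.fda.gov)."""
    return any(host == d or host.endswith("." + d) for d in declared)


def undeclared_hosts(manifest: dict, source: str) -> set:
    """Hosts the code reaches that no manifest network entry covers."""
    declared = {h.lower() for h in manifest.get("permissions", {}).get("network", [])}
    return {h for h in hosts_in_source(source) if not covered(h, declared)}


if __name__ == "__main__":
    for host in sorted(undeclared_hosts(MANIFEST, SOURCE)):
        print("undeclared network destination:", host)
```

This is a static, literal-string check: URLs assembled at runtime from pieces, or read from config, will not show up, so treat an empty result as "nothing obvious" rather than "nothing undeclared". It is still a cheap first pass for the kind of scope drift the findings describe.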

Vague Triggers (Medium)
Confidence: 83%
Finding:
The trigger list contains broad terms such as 'clinical trial', 'clinicaltrials', and 'recruiting trial' that can match many ordinary biomedical conversations. In an agent environment, overly broad triggers can cause accidental activation of a skill with network, shell, and file-writing behavior, leading to unnecessary external requests, unintended file generation, or chaining into workflows the user did not explicitly request.

VirusTotal

0/62 vendors flagged this skill; all 62 reported no detections.