chat2duckdb

Security checks across malware telemetry and agentic risk

Overview

This is a local DuckDB data-analysis skill whose file reads, exports, persistence, and SQL execution are disclosed and aligned with analyzing user-selected datasets.

Install only if you are comfortable letting an agent run local DuckDB SQL over files you choose. Prefer SELECT-style queries for analysis, review any SQL before running it on sensitive datasets, and check --output or --persist_db_path paths so results are not saved somewhere unintended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documents file export and persistence features such as `--output result.csv/.xlsx/.json/.parquet` and `--persist_db_path`, which are file-write capabilities, but no corresponding permissions are declared. Undeclared write access is risky because the skill can create or overwrite files on the host filesystem, and in an agent setting this may enable unintended data exfiltration, clobbering of user files, or persistence beyond the current task.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The tool can optionally connect to a user-specified DuckDB database file and, when --persist_table is enabled, materialize imported data as a durable table instead of a temporary one. For a skill presented as an analysis/query helper, this expands behavior from transient analysis into stateful data storage, which can retain sensitive imported data on disk longer than users expect and increase confidentiality/privacy risk.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The query path executes arbitrary user-supplied SQL directly via DuckDB without enforcing read-only semantics or restricting statements to SELECT-style analytics. In skill context, this is more dangerous because the same interface can be used with a persistent database path/table, enabling data modification, creation of durable objects, file-writing features, or other engine capabilities beyond advertised analysis.

VirusTotal

66/66 vendors flagged this skill as clean.
