ClawHub

Rich

Security checks across malware telemetry and agentic risk

Overview

This is a coherent documentation-only skill for using the Python Rich library, with normal install and debugging examples that users should run carefully.

Install in a virtual environment where possible, review any package install or requirements.txt change before allowing an agent to run it, and avoid enabling show_locals or exporting recorded console output in production unless secrets are redacted and log/output files are access-controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly says the AI can directly execute `pip install rich`, which performs a system or environment change without requiring an explicit warning, confirmation, or isolation step. In an agent setting, this can lead to unintended package installation, dependency drift, or modification of the user's active Python environment, especially if the agent is running outside a virtual environment.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The guide includes `echo "rich>=13.0.0" >> requirements.txt`, which silently modifies a project file, and follows it with installation from that file. In an autonomous agent workflow, editing dependency manifests without a clear warning and confirmation can corrupt project state, introduce unexpected dependency changes, and create hard-to-trace build or reproducibility issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The traceback examples enable show_locals=True, which can expose secrets, tokens, passwords, personal data, or internal state in terminal output and copied logs when exceptions occur. In a documentation context this is especially risky because users may copy the snippet directly into production or shared environments without understanding the disclosure implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The logging example combines rich_tracebacks, tracebacks_show_locals, path display, and file logging, which can persist sensitive runtime data and filesystem details to disk. This increases confidentiality risk because exceptions and locals may include credentials or user data, and logs are often widely accessible or retained for long periods.

Ssd 3

Medium
Confidence
96% confidence
Finding
Enabling traceback local-variable display in a logging configuration can reveal sensitive inputs in exception output, and the same configuration also writes logs to disk. That creates a realistic data-exposure path for secrets and internal application state, especially in shared systems or support workflows where logs are collected centrally.

Ssd 3

Medium
Confidence
97% confidence
Finding
Globally installing rich traceback with show_locals=True causes every uncaught exception to print local variables, which can leak runtime secrets broadly and unexpectedly. Because this is a global setting, the blast radius is larger than a one-off debug call and may affect all code paths in the application.

Ssd 3

Medium
Confidence
94% confidence
Finding
The manual exception rendering example uses show_locals=True, which can echo sensitive values from the current scope directly to the user or operator. In real applications, those locals may include credentials, API responses, tokens, or personal data present at the failure point.

Ssd 3

Medium
Confidence
89% confidence
Finding
Using Console(record=True) and exporting HTML, SVG, or text preserves all printed console content for later writing to files, so any secrets or sensitive operational data sent to the console may be persisted unintentionally. In documentation, this can normalize unsafe output capture patterns without warning users about data retention and distribution risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal