trtc-config-inspector

Security checks across malware telemetry and agentic risk

Overview

The skill matches its TRTC inspection purpose, but it needs Review because it can install Python packages at runtime and extracts user-provided archives without safe path containment.

Install only if you are comfortable running it in a sandbox or disposable project copy. Use trusted URLs and archives, preinstall dependencies yourself where possible, and review any generated modification plan before allowing code edits. A safer version would remove runtime pip installs and validate archive paths before extraction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import sys

try:
    import openpyxl
except ImportError:
    import subprocess
    # Flagged behaviour: installs the missing package at runtime, using
    # whichever pip is resolvable from the current interpreter.
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'openpyxl', '-q'])
    import openpyxl

# Reuse the parse_excel logic
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'openpyxl', '-q'])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import sys

try:
    import requests
except ImportError:
    import subprocess
    # Flagged behaviour: installs the missing package at runtime, which
    # triggers network access and modifies the host environment.
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'requests', '-q'])
    import requests
Confidence
92% confidence
Finding
subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'requests', '-q'])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import sys

try:
    import openpyxl
except ImportError:
    import subprocess
    # Flagged behaviour: installs the missing package at runtime as a
    # side effect of opening a spreadsheet.
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'openpyxl', '-q'])
    import openpyxl
Confidence
97% confidence
Finding
subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'openpyxl', '-q'])

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Runtime dependency installation is not necessary for simple config diffing and expands the attack surface by allowing the script to fetch and install code during execution. In this skill's context, which already processes user-provided inputs and may run in automated environments, silent package installation makes the behavior more dangerous because it can change the execution environment unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Installing Python packages at runtime is not required for the advertised purpose of downloading files and extracting archives, so it adds unnecessary code-execution and supply-chain exposure. Because this skill already processes untrusted URLs and archives, adding dynamic dependency installation makes the overall workflow more dangerous by modifying the execution environment and retrieving additional remote content.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
This is a true security issue because the parser changes the execution environment by installing a package as a side effect of opening a spreadsheet. In the context of this skill, which also downloads files from user-provided URLs and supports downstream code modification, adding silent package installation makes the workflow more dangerous by expanding attack surface and enabling unreviewed external dependency retrieval.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to match ordinary coding-help or optimization requests, which can cause this skill to activate in situations where a user did not specifically intend a network-download-and-code-analysis workflow. Because the skill accepts user-provided URLs, downloads archives, scans source code, and then guides code modification, overly broad invocation increases the chance of unsafe activation, unexpected remote content handling, and unintended code changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs subprocess-based package installation without warning, confirmation, or policy checks. This is dangerous because it causes side effects on the host, may trigger network access unexpectedly, and can violate least-privilege and change-control expectations for an analysis utility.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The archive extraction code uses extractall on ZIP and TAR files from user-provided URLs or paths without validating member paths, which can enable path traversal or arbitrary file overwrite via crafted archives. In this skill, the archive is explicitly expected to come from untrusted user input, so this context makes the issue more dangerous than usual because an attacker can target files outside the workspace during extraction.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Installing a package via subprocess without warning or confirmation is unsafe because operators may not realize the tool performs networked, environment-modifying actions. In an automated agent context, there may be no human in the loop at all, so this behavior can silently introduce third-party code, create nondeterministic builds, and violate least-privilege expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal