Dr.Binary

Security checks across malware telemetry and agentic risk

Overview

The skill’s behavior matches binary-analysis use, but it sends the chosen file to an external sandbox and uses a Dr. Binary API key.

This skill appears coherent for remote binary analysis. Before installing or using it, confirm you trust the Dr. Binary/Deepbits service, avoid uploading proprietary or sensitive binaries without permission, and protect the DRBINARY_API_KEY used for uploads.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Confidential or proprietary binaries may be sent to the external Dr. Binary/Deepbits service for analysis.

Why it was flagged

The helper reads the selected local file and uploads it to an external sandbox endpoint. This is expected for remote binary analysis, but it is a data-sharing boundary users should understand.

Skill content
UPLOAD_URL = "https://mcp.deepbits.com/workspace/upload" ... with open(file_path, "rb") as f: file_data = f.read()
Recommendation

Only submit files you are allowed to share with the remote analysis provider, and review that provider’s retention and privacy terms before uploading sensitive samples.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill needs access to a service API key, and misuse of that key could affect the user’s Dr. Binary account or billing.

Why it was flagged

The script uses a bearer API key to authenticate to the remote upload service. This is purpose-aligned, but the registry metadata lists no required environment variables or primary credential.

Skill content
api_key = os.environ.get("DRBINARY_API_KEY", "") ... "Authorization": f"Bearer {api_key}"
Recommendation

Use a scoped Dr. Binary API key if available, avoid sharing it in prompts or logs, and revoke/rotate it if it is exposed.

ASI02: Tool Misuse and Exploitation
Low
What this means

Overbroad command use in the sandbox could produce misleading results or perform actions beyond simple inspection.

Why it was flagged

The skill allows use of a generic sandbox command tool. The documented examples are normal for binary inspection, but the tool should not be treated as permission to run arbitrary or destructive commands.

Skill content
- **`sandbox_execute`** — run safe commands (e.g. `file`, `strings`, `sha256sum`)
Recommendation

Keep sandbox commands limited to read-only analysis and hashing unless the user explicitly approves a broader dynamic-analysis step.