ClawHub

Volcano Plot Script

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local bioinformatics plotting helper with expected file reads, output writes, and dependency-install cautions.

Install dependencies in a virtual environment, run the script only on intended DEG files, keep outputs in a project directory, and review any exported R script before executing it. Be aware that unpinned dependencies may resolve to different versions over time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes local script execution with filesystem read/write behavior but does not declare explicit permissions or enforcement boundaries. This creates a mismatch between documented capability and security controls, increasing the risk that an agent or reviewer underestimates what the skill can access or modify.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
matplotlib
seaborn
numpy
Confidence
95% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
matplotlib
seaborn
numpy
Confidence
95% confidence
Finding
matplotlib

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
matplotlib
seaborn
numpy
Confidence
95% confidence
Finding
seaborn

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
matplotlib
seaborn
numpy
Confidence
96% confidence
Finding
numpy

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal