ClawHub
Back to skill

Security audit

Python Automation

Security checks across malware telemetry and agentic risk

Overview

This is a broad but transparent Python automation helper with ordinary file and web automation risks, not evidence of hidden or malicious behavior.

Install only if you want a general Python automation reference and helper scripts. Before running generated commands or included scripts, review target directories and output files, use dry-run mode for bulk renames, keep backups for important data, avoid scraping authenticated or sensitive sites unless intended, and explicitly approve any cron, scheduler, or file-watcher setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description is very broad and covers many common automation tasks, which can cause the skill to be invoked for routine requests beyond a narrowly scoped use case. Over-broad activation increases the chance that powerful file, network, and system automation guidance is surfaced in contexts where safer or more constrained handling would be preferable.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples include recursive file modification and outbound web requests without any warnings about scope, backups, target validation, rate limits, or user approval. In an agent setting, these patterns normalize potentially impactful actions and can lead to unintended data loss, modification of sensitive files, or network access to untrusted destinations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.