ClawHub

Code Refactor For Reproducibility

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent research-code refactoring helper, but it should be used in a controlled project directory because it can write files and run local tooling.

Install or run this only on the intended project, keep version control or backups enabled, review generated diffs before accepting changes, choose an empty output directory for scripts/main.py, and avoid installing the included requirements.txt until dependencies are pinned and the 'src' entry is removed or clarified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The generator writes many files into the target tree using write_text() and touch() with no overwrite confirmation, backup, or empty-directory check. In a refactoring workflow, a mistaken or attacker-influenced output path could silently destroy or replace existing project files, causing loss of work or corruption of trusted repository contents.

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
Confidence
95% confidence
Finding
numpy

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
src
Confidence
95% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
src
Confidence
94% confidence
Finding
pytest

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pytest
scipy
src
Confidence
95% confidence
Finding
scipy

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
pytest
scipy
src
Confidence
90% confidence
Finding
src

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal