ClawHub

Knowledge Graph - Etl Pipeline Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ETL pipeline-generation skill, but users should treat generated pipelines as capable of reading sensitive sources and writing or deleting target data.

Install only if you are comfortable reviewing generated ETL code before use. Use staging data first, avoid embedding secrets in configs, use least-privilege credentials, confirm production writes or deletes explicitly, and keep backups or rollback plans for target databases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill encourages extraction, transformation, and loading of external data into downstream systems but does not warn users about privacy, sensitive data handling, or the operational risk of modifying connected systems. In an ETL context, users may apply the generated pipeline to production data sources or regulated datasets, creating a realistic risk of unintended exposure or harmful writes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API and database extraction guidance discusses authentication, SQL query execution, and connection handling without warning that these actions can access confidential records or transmit sensitive data across systems. Because ETL workflows often span internal databases and third-party APIs, omission of privacy and authorization guidance increases the chance of over-collection, misuse of credentials, or accidental exfiltration.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The load-stage documentation describes bulk import, streaming, and batch writes to graph databases and files without warning that these operations can alter or overwrite production data. In this skill's context, generated ETL pipelines are specifically intended to perform writes, so missing cautions about environment separation, rollback planning, and destructive side effects materially increases operational risk.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The hard-delete pattern explicitly documents irreversible deletion behavior without guardrails, confirmation requirements, or recommendations for backup/versioning. In an ETL skill context, this can normalize destructive implementations and increase the chance that users generate pipelines that permanently remove production data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal