Knowledge Graph - Graph Template Query Generator

Security checks across malware telemetry and agentic risk

Overview

The skill does not show malware or hidden data access, but it presents unsafe graph-query templates as safely parameterized and production-ready.

Review generated queries before execution. Only use this skill with trusted inputs or strict allowlists for labels, properties, relationship types, predicates, operators, and IRIs; avoid using the included sensitive-data examples directly in production without least-privilege database roles, result limits, auditing, and privacy controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The file claims all dynamic values are parameterized, but the SPARQL examples use constructs like `ex:$author_id` and `ex:$research_area`, which imply string interpolation into identifiers/IRIs rather than safe value binding. In a query-generator skill, this is dangerous because consumers may copy the pattern and build SPARQL with unvalidated identifier fragments, leading to query manipulation or unintended graph access.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
This is a real issue: the document asserts that all dynamic values are parameterized, but the templates directly substitute labels, property names, relationship types, and operators into Cypher/SPARQL text. In graph query languages, those schema tokens usually cannot be safely bound as normal parameters, so naive string interpolation can enable query injection, authorization bypass, or destructive query manipulation when untrusted input reaches template generation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill encourages generating Cypher and SPARQL queries without warning that produced templates may retrieve sensitive graph data, perform broad traversals, or be unsafe if unvalidated user-controlled identifiers are inserted into labels, properties, or predicates. In the context of graph databases, this can lead to overbroad data access, expensive traversal queries, or query-injection-style misuse when consumers treat structural elements as safe parameters.

Missing User Warnings

Medium
Confidence: 82%
Finding
The healthcare examples expose realistic patient-identifying and medical-record query patterns without privacy guidance, minimization advice, or access-control context. In a reusable query-template skill, that increases the chance users will deploy templates that return regulated health data broadly, enabling confidentiality violations or overcollection.

Missing User Warnings

Low
Confidence: 80%
Finding
The social-network templates return user email addresses as part of common query results without any warning about data minimization or authorization checks. In this skill context, example templates are likely to be reused directly, so exposing email by default normalizes unnecessary disclosure of personal data.

VirusTotal

VirusTotal findings are pending for this skill version.
