ClawHub

Knowledge Graph - Tigergraph Connector

Security checks across malware telemetry and agentic risk

Overview

The skill is presented as a production TigerGraph connector, but its core code only simulates connections, queries, inserts, and CSV loading while reporting success.

Install only if you treat this as sample or demo material, not as a production TigerGraph connector. Do not rely on its reported query, insert, or CSV-load success until the implementation is replaced with real TigerGraph client calls and tested against a non-production graph. Use scoped tokens, avoid placing secrets in prompts or source files, and require explicit approval before any live data or schema changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The module advertises 'production-ready' TigerGraph connectivity and graph operations, but the implementation only simulates connection, query execution, and loading behavior. This is dangerous because downstream agents or operators may rely on it for real database interactions, causing silent failure, false assurance, and incorrect security or operational decisions.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The connect() method claims to establish a TigerGraph connection but only flips an internal boolean and logs success. In a security-sensitive or automation context, this can bypass connection validation, making later operations appear authenticated and successful even though no server was contacted.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The run_query() interface claims to execute GSQL but returns a mocked placeholder result regardless of the real query. This can mislead calling systems into trusting fabricated data, potentially corrupting decisions, workflows, or security logic that depend on actual graph query results.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The load_from_csv() method claims to load vertices from a CSV file, but it never reads the file and always inserts zero records while returning success. This can hide ingestion failures, leading users or dependent agents to believe data was loaded when the graph remains empty or incomplete.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README advertises data-loading and schema-management features such as vertex/edge insertion, schema creation, and index management without clearly warning that these are state-changing, potentially destructive operations. In an agent skill context, users or downstream agents may assume examples are read-only and trigger writes or schema changes against a live TigerGraph instance, causing unintended data corruption, outages, or irreversible configuration changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes data-loading, schema management, and graph-management actions against a remote TigerGraph instance but does not clearly warn that these operations can modify or destroy live database contents. In an agent setting, that omission increases the risk of users invoking destructive or state-changing actions without informed consent or confirmation, especially when the same skill also supports bulk loading and management tasks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents use of API tokens, usernames, and passwords for connecting to TigerGraph but does not sufficiently warn about secret handling, secure storage, or transmission risks. In an agent workflow, users may provide credentials directly in prompts or configs, leading to accidental disclosure, insecure logging, or transmission to unintended endpoints if host values are misconfigured.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal