ClawHub

Knowledge Graph - Rdf Triple Store Integration

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed RDF/SPARQL integration, but users should treat its write and federated-query examples as capable of changing or exposing graph data.

Install only if you need RDF/SPARQL integration. Use read-only credentials by default, require an explicit review before INSERT/DELETE/UPDATE/DROP operations, keep backups for production graphs, scope changes to named graphs, and avoid federated SERVICE queries or non-HTTPS endpoints unless you trust the remote service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises destructive RDF/SPARQL capabilities such as inserts, updates, deletes, transactions, and graph management without warning that these operations can modify or permanently remove persistent data. In an agent skill context, documentation often drives tool use directly, so omitting safety guidance increases the chance of accidental destructive actions against production triple stores.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The quick examples include `insert_triple` and `update_data` operations that can change stored RDF data, but they are presented as routine snippets with no caution about persistence, rollback limitations, or production impact. Because users may copy-paste examples verbatim, this creates a realistic risk of unintended modification or deletion of knowledge graph data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes INSERT, UPDATE, and DELETE operations against RDF triple stores but does not prominently warn that these actions can irreversibly modify or remove production knowledge-graph data. In an agent setting, this omission increases the chance that a user or downstream system invokes destructive operations without adequate confirmation, scoping, or backup safeguards.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents remote endpoint connections and credentials, including username/password and federated access, without an explicit warning that queries, data, and secrets may traverse the network and could be exposed if sent to untrusted or non-TLS endpoints. In practice, this can lead to credential leakage, sensitive data disclosure, or unintended transmission of internal graph data to third-party SPARQL services.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This documentation includes destructive SPARQL DELETE and update patterns that can remove or modify triples, including broad graph-wide deletions, without any warning about irreversible data loss or the need for access controls, backups, and non-production testing. In a skill meant to help users connect to triple stores and manage data, these examples could be copied directly into live environments and cause accidental mass deletion or corruption.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The federated query examples use SERVICE with external SPARQL endpoints without warning that local query terms or identifiers may be transmitted to third parties and that remote endpoints can affect confidentiality, availability, and trustworthiness of results. In an integration-focused skill, users may treat these as safe defaults and unknowingly exfiltrate sensitive graph data or create dependencies on untrusted remote services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal