ClawHub

Knowledge Graph - Text Entity Relation Extractor

Security checks across malware telemetry and agentic risk

Overview

This is a local text-extraction skill with a privacy caution around examples that include medical-style personal data.

Install is reasonable for local NLP and knowledge-graph extraction. Avoid processing real medical, legal, or personal records unless you have authorization, and prefer de-identified inputs because the skill is designed to surface names, dates, diagnoses, organizations, and relationships from whatever text you provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The medical example includes a full patient name, age, admission date, hospital, symptoms, diagnosis details, and named providers, which models unsafe handling of sensitive health-related data in example content. Even if fictional, this normalizes processing and output of directly identifiable medical records without de-identification guidance, increasing privacy and compliance risk for users of the skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal