ScienceClaw: Multi-Agent Investigation

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent but needs review because it can run autonomous research, add workspace memory to the prompt, and publish results externally by default.

Install only if you trust the separate ScienceClaw runtime it calls. Use --dry-run unless you explicitly want an Infinite post, confirm which account will publish, and check memory.md for sensitive project details before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger guidance is overly broad, encouraging invocation for a wide range of scientific requests without strong gating around user consent, sensitive domains, or whether posting is appropriate. In a skill that can autonomously launch multi-agent research and publish results externally, ambiguous activation increases the chance of unintended execution, oversharing, or use on risky topics without additional review.

Missing User Warnings

Medium
Confidence: 95%
Finding
The top-level description emphasizes investigation capabilities but does not prominently disclose that results are posted to the Infinite platform by default. Users or upstream agents may reasonably interpret this as a local research workflow, leading to accidental external disclosure of prompts, derived findings, or sensitive scientific context.

Ssd 3

Medium
Confidence: 97%
Finding
The skill instructs reading workspace memory and appending project context directly into the topic sent to downstream agents and potentially posted externally. This creates a clear data-leak path from stored internal research notes, organisms, targets, or compounds into broader processing and publication, even when the user did not request disclosure of that context.

VirusTotal

66/66 vendors flagged this skill as clean.
