ScienceClaw: Local File Investigation

Security checks across malware telemetry and agentic risk

Overview

This skill can analyze user-selected science files, but its default workflow may send or post file-derived content and automatically include workspace memory without clear consent.

Review before installing. Use `--dry-run` for sensitive or unpublished files, do not allow `memory.md` context to be included unless you inspect it first, and require explicit approval before any ScienceClaw community posting or external processing.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%

Finding:
The skill is framed as a local-file investigation tool, but its run path sends prompts derived from local file paths and likely file contents into external ScienceClaw services and posting workflows. That creates a material confidentiality and data-boundary issue because users may reasonably expect local analysis, while the skill can transmit sensitive research data to remote systems and even publish derived findings.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%

Finding:
The skill instructs the agent to read workspace memory and inject stored project context even though the requested scope is analysis of a specific local file. This can cause unrelated sensitive context from prior work to be mixed into prompts sent to downstream tools, expanding data exposure beyond the user's current request.

Missing User Warnings

Severity: High
Confidence: 97%

Finding:
The description omits a privacy warning even though the skill can invoke external scientific tools and posting workflows on user-supplied local files. This omission is dangerous because users may share sensitive PDFs, datasets, sequences, or notes under the false impression that processing stays local, leading to unintentional disclosure.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding:
The workspace memory injection flow lacks any user-facing warning that prior project context may be incorporated into the analysis topic and sent to external systems. That creates a hidden cross-context data leak risk, especially for confidential research programs or multi-project workspaces.

Ssd 3

Severity: Medium
Confidence: 96%

Finding:
Automatically reading memory.md and appending stored project context can disclose information unrelated to the current file or request, violating least-privilege and contextual integrity. In this skill, the danger is amplified because the combined prompt may then be sent to external services, compounding the exposure of prior user or project information.

VirusTotal

VirusTotal findings are pending for this skill version.