ScienceClaw: Query (Dry Run)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent dry-run science research helper, but users should know it can include workspace memory in research queries sent through the local ScienceClaw tool.

Install only if you trust the local ScienceClaw tool it invokes. Before using it, review workspace memory.md and avoid storing confidential research, health, compound, or project details there unless you are comfortable having those details included in ScienceClaw research queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Low
Confidence: 90%
Finding:
The skill is marketed as a direct-to-chat dry run with no posting, but it additionally instructs the agent to read workspace memory and prepend that context into the topic. This creates a scope/privacy mismatch: users may reasonably expect only their explicit prompt to be used, while hidden workspace context may be transmitted to the downstream investigation tooling and external model/API.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The trigger phrases include very broad language like 'just show me' and 'preview', which can match ordinary conversation outside the user's intent to invoke this specific skill. That increases the chance of accidental execution, causing unintended external research actions or disclosure of user/workspace context to the ScienceClaw pipeline.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill directs the agent to read `memory.md` and silently inject project context into the query without any user-facing privacy notice or consent step. Because the command relies on an external API-backed investigation tool, this can leak sensitive workspace information beyond the user's explicit request, making the privacy risk materially higher in this skill context.

VirusTotal

VirusTotal findings are pending for this skill version.
