Paperbanana

Security checks across malware telemetry and agentic risk

Overview

The skill’s stated purpose, generating diagrams and plots, is coherent, but it should be reviewed because it may run AI-generated Python plotting code without clear sandboxing.

Install only if you are comfortable sending selected inputs to third-party AI providers and running the plotting workflow in a constrained environment. Avoid sensitive datasets, unpublished confidential material, and live credentials in files or repositories; use limited API keys and sandbox execution where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill documentation indicates it uses environment variables for API keys, reads local files supplied by the user, and sends prompts/data to external providers, but it does not declare corresponding permissions. This creates a trust and transparency gap: users and policy engines may not realize the skill can access secrets, local content, and the network, increasing the chance of unintended data exposure or overly broad execution in sensitive environments.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The README advertises auto-triggering on broad phrases like "generate a diagram", "create a figure", and "make a plot", which can cause the skill to activate in situations broader than users may expect. In an agent ecosystem, over-broad invocation increases the chance of accidental execution of a tool that can call external models and generate/execute plotting workflows, expanding attack surface and causing unintended API usage or code execution paths.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README states that the plot visualizer "generates and executes Matplotlib code" but does not prominently warn users that LLM-produced code will be run. Because the skill accepts CSV/JSON data and natural-language intent, this creates a meaningful risk of unsafe code generation or dangerous side effects if execution is insufficiently sandboxed, especially in an agent setting where users may assume ordinary plotting is passive.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documentation embeds realistic API key examples and instructs users to place credentials directly in skill configuration, but it does not warn about secure secret handling, avoiding commits, or using secret managers. This can normalize unsafe copy-paste practices and lead users to store live keys in plaintext config files or repositories, resulting in credential leakage and unauthorized API use.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The script reads user-supplied context from a file or inline argument and sends it to third-party model providers through the PaperBanana pipeline without any explicit warning, consent gate, or redaction step at the transmission point. In a skill that may be used on research drafts, unpublished methods, or proprietary data, this creates a real confidentiality risk because sensitive material can be disclosed to external services unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script sends user-supplied data and plot intent to third-party model providers via the PaperBanana pipeline, but the CLI/interface gives no explicit warning, consent prompt, or data-handling notice. In a plotting skill, users may pass proprietary datasets or unpublished research data, so silent external transmission creates a real confidentiality risk even if it is part of expected functionality.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal