Data Analysis Workflow

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only data-analysis workspace template: its memory and heartbeat behavior is disclosed, but review the autonomy and credential-note language before using it.

Before installing, read the copied AGENTS.md and HEARTBEAT.md. Remove or narrow the 'Don't ask permission' line, keep raw API keys and database passwords out of the Markdown files (MEMORY.md included), and limit MEMORY.md to project context you are comfortable reusing in future sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
This template materially expands a data-analysis skill into a persistent agent persona with session bootstrapping, memory management, and autonomous workflow control. Those instructions increase the agent's authority and data access surface beyond what is needed for analysis, creating unnecessary privacy and safety risk if the workspace contains sensitive user context.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
Group-chat participation and heartbeat-driven outreach are unrelated to core data-analysis tasks and encourage the agent to act in broader social and operational contexts. This increases the chance of inappropriate disclosure, unsolicited actions, or behavior that the user did not intend to delegate to an analysis template.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The template instructs the agent to read and maintain long-term memory files containing personal context, even though that capability is not justified by a data-analysis workflow. Unnecessary access to user memory increases exposure of sensitive information and creates a pathway for privacy leakage into future outputs or unrelated contexts.

Context-Inappropriate Capability

Severity: Low
Confidence: 91%
Finding
Behavior rules for participating in group chats are outside the legitimate scope of a data-analysis project template. Even if framed as etiquette, they normalize the agent operating in social contexts where it may disclose information or act as the user without a clear need.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The instruction 'Don't ask permission. Just do it.' is overly broad and can override safer, more conservative behavior in ambiguous situations. In practice, it may push an agent to access files, modify workspace state, or surface private context without confirming user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
Telling the agent to delete BOOTSTRAP.md after reading it authorizes file modification without an explicit warning, audit trail, or user approval. This can destroy evidence of initialization behavior, interfere with reproducibility, and normalize unnecessary workspace mutation at startup.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The line '_The only approval that matters is whether the analysis is sound and actionable_' discourages oversight and external approval, which can steer an agent to deprioritize human review, policy checks, or governance requirements. In an agent skill, language that minimizes approval or oversight can weaken safety boundaries and make it easier for later prompt content to justify bypassing controls.
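The pre-install review recommended in the Overview (read the copied Markdown files, remove or narrow the 'Don't ask permission' line, keep credentials out of MEMORY.md) and the Vague Triggers, Missing User Warnings and Natural-Language Policy Violations findings above all come down to scanning a handful of instruction files for known-bad phrasing and secret-shaped strings. The following audit script is an added example written for this page; it is not SkillSpector's logic, not part of the template, and its regex rules, the scoped replacement wording for the autonomy line, and the sample file contents (including the two fake secrets) are this example's own constructions.

```python
"""Pre-install audit of an agent workspace template's Markdown files (added example).

Flags the instruction patterns called out in the findings above (blanket autonomy,
approval-minimizing language, startup file deletion, group-chat scope creep) and
credential-like material that should not live in AGENTS.md / HEARTBEAT.md /
MEMORY.md / BOOTSTRAP.md. Rules and sample files are illustrative constructions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Instruction patterns that widen agent authority or discourage oversight (assumed shapes).
INSTRUCTION_RULES = {
    "autonomy-override": re.compile(r"don[’']?t ask (?:for )?permission|just do it", re.I),
    "approval-minimizing": re.compile(r"only approval that matters", re.I),
    "startup-mutation": re.compile(r"delete\s+\S*BOOTSTRAP\.md", re.I),
    "out-of-scope-context": re.compile(r"group[- ]chat", re.I),
}

# Credential-like material that does not belong in a Markdown note (illustrative shapes).
SECRET_RULES = {
    # AWS access key ID, GitHub PAT, and "sk-" style API keys.
    "api-key": re.compile(r"\b(?:AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|sk-[A-Za-z0-9]{20,})\b"),
    "password-assignment": re.compile(r"\b(?:password|passwd|db_pass(?:word)?)\s*[:=]\s*\S+", re.I),
    "connection-string": re.compile(r"\b\w+://[^\s:/]+:[^\s@]+@"),  # scheme://user:pass@host
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    excerpt: str


def audit_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per (line, rule) hit; a single line can trigger several rules."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in {**INSTRUCTION_RULES, **SECRET_RULES}.items():
            if pattern.search(line):
                hits.append(Finding(path, lineno, rule, line.strip()[:80]))
    return hits


def audit_files(files: dict[str, str]) -> list[Finding]:
    """Audit a mapping of file name -> contents (read the copied files from disk in real use)."""
    hits = []
    for path, text in files.items():
        hits.extend(audit_text(path, text))
    return hits


# Scoped replacement for a blanket "don't ask permission" rule (assumed wording).
NARROWED_AUTONOMY = (
    "Proceed without confirmation only for read-only analysis steps inside this "
    "workspace. Ask before deleting files, sending messages, or writing outside it."
)


def narrow_autonomy(text: str) -> str:
    """Replace any blanket autonomy line with the scoped rule; all other lines are kept."""
    pattern = INSTRUCTION_RULES["autonomy-override"]
    lines = [NARROWED_AUTONOMY if pattern.search(l) else l for l in text.splitlines()]
    return "\n".join(lines) + ("\n" if text.endswith("\n") else "")


# Constructed sample template: the phrasings from the findings above plus two fake secrets.
SAMPLE_FILES = {
    "AGENTS.md": (
        "# Agent rules\n"
        "Don't ask permission. Just do it.\n"
        "_The only approval that matters is whether the analysis is sound and actionable_\n"
        "## Group chat etiquette\n"
        "Reply briefly and stay on topic.\n"
    ),
    "BOOTSTRAP.md": "Read this file once, then delete BOOTSTRAP.md.\n",
    "HEARTBEAT.md": "Every 30 minutes, check in and report progress.\n",
    "MEMORY.md": (
        "Project: churn analysis for Q3\n"
        "DB: postgres://analyst:hunter2@db.internal/churn\n"
        "OpenAI key: sk-abcdefghijklmnopqrstuvwxyz012345\n"
    ),
}

if __name__ == "__main__":
    for f in audit_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} [{f.rule}] {f.excerpt}")
```

Run it against the files copied into a fresh workspace before the first session; anything under the secret rules should be moved to an environment variable or secret store, and a hit on the autonomy rule is the line to narrow (narrow_autonomy shows one scoped form) or delete.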

VirusTotal

64/64 vendors reported this skill as clean (no detections). Antivirus verdicts cover malware signatures, not the natural-language instructions in the Markdown files, so a clean result does not address the findings above.
