ClawHub

KEGG Query

Security checks across malware telemetry and agentic risk

Overview

This is a coherent KEGG biomedical lookup skill that makes disclosed public database requests and does not show hidden persistence, credential access, or destructive behavior.

Install only if you are comfortable sending drug names, disease names, gene IDs, pathway IDs, or similar biomedical queries to public KEGG services, and optionally to UniProt/OpenBioMed tooling if you use that integration. Avoid private patient data or confidential research queries, respect KEGG rate limits, and treat results as reference data rather than medical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation clearly instructs use of network-capable code to query KEGG, but the skill metadata does not declare any corresponding permission. This creates a trust and policy gap: reviewers or runtime controls may assume the skill is local-only, while execution can still make outbound requests to external services and expose prompts, identifiers, or derived data.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
The documented workflow extends beyond KEGG querying into UniProt retrieval via a separate tool, which broadens the skill's effective scope and external data flows beyond what the name and description promise. Scope expansion is dangerous because downstream agents or users may invoke additional tools or network access they did not consent to, increasing the chance of unintended data sharing and policy bypass.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal