Pandas

Security checks across malware telemetry and agentic risk

Overview

This Pandas helper is a coherent local-only skill, with the main consideration being its disclosed preference memory file.

Safe to install for normal Pandas help. Be aware that it keeps a local file at ~/pandas/memory.md for preferences and context; review, edit, or delete that file if you do not want information reused across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill instructs creation of a persistent local memory file containing user preferences, context, and notes, even though the stated skill purpose is Pandas DataFrame analysis and transformation. That expands data collection and retention beyond the declared scope, creating unnecessary privacy and data-governance risk if user details are stored across sessions without clear need, consent boundaries, or minimization controls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The template encourages storing user coding preferences, experience level, work context, and observations in a durable file, but those data elements are not necessary for a basic Pandas utility skill to perform DataFrame operations. Persisting this contextual information increases the chance of unauthorized profiling, over-collection, and cross-session leakage of user information with little functional justification.

Missing User Warnings

Severity: Low
Confidence: 92%
Finding
The skill instructs the agent to create and continually update a persistent local memory file containing user preferences, but it does not require a just-in-time notice or consent before writing. This creates a privacy and transparency issue because users may not realize their preferences are being stored across sessions, even though the file is local and user-accessible.

VirusTotal

66/66 vendors flagged this skill as clean.