Powerdrill Data Analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Powerdrill data-analysis skill, but it can send arbitrary local files to an external service and delete remote datasets or sessions with limited built-in safeguards.

Install only if you intentionally want an agent to use Powerdrill with your credentials. Confirm every upload path and every cleanup/delete action, avoid secrets or regulated files unless approved, and use a least-privileged Powerdrill API key where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explicitly encourages uploading local files and sending natural-language analysis queries to a third-party service, but it does not warn that file contents and prompts will leave the local environment and be processed by Powerdrill. In a data-analysis skill, users may reasonably supply sensitive spreadsheets, PDFs, or business documents, so omission of a privacy/data-transmission warning materially increases the risk of unintended disclosure.

Missing User Warnings

Low
Confidence: 90%
Finding
The README demonstrates cleanup and delete operations and later says to always call cleanup, but it does not clearly warn that these actions permanently remove datasets and sessions. This can cause accidental data loss, especially because the examples normalize deletion as part of the default workflow.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger text is broad enough to match generic requests like analyzing data, querying datasets, uploading files, or continuing prior analysis. That can cause the skill to activate in situations where the user did not specifically intend to use Powerdrill, leading to unintended external API use, upload of local files, or destructive operations such as deletion.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow directs uploading local files to a third-party API and then deleting datasets/sessions during cleanup, but the documentation does not prominently require user-facing consent for off-device data transfer or for irreversible deletion. In this context, the skill handles potentially sensitive user data, so silent upload and automatic cleanup can cause confidentiality loss and unexpected data destruction.

Missing User Warnings

Medium
Confidence: 89%
Finding
The client reads an arbitrary local file and uploads its raw contents to externally supplied upload URLs and then to the Powerdrill service without any inline warning, consent gate, path restriction, or sensitivity check. In an agent skill context, this increases the risk of unintended exfiltration of local secrets, credentials, or personal data if the tool is invoked on attacker-influenced file paths or without clear user awareness that data leaves the local environment.

Missing User Warnings

Medium
Confidence: 91%
Finding
The code exposes dataset deletion directly through both library helpers and CLI commands with no confirmation prompt, dry-run mode, or secondary validation. In an agent setting, a mistaken or adversarially influenced dataset_id could cause irreversible destruction of user data, making this materially risky beyond a normal low-level API wrapper.

Missing User Warnings

Low
Confidence: 83%
Finding
Session deletion is exposed without any confirmation or safeguard, allowing accidental loss of analysis context and work history. While less severe than dataset deletion because it is typically less permanent and less data-destructive, it still enables unintended disruption if invoked by mistake or through prompt/tool misuse.

VirusTotal

64/64 vendors flagged this skill as clean.
