Matlab Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MATLAB automation bridge, but installing it means allowing agent-driven local MATLAB code and script execution.

Install only if you intentionally want OpenClaw to run local MATLAB code on your machine. Use trusted or reviewed MATLAB code and .m scripts, avoid prompts that could modify unrelated files, and periodically inspect or delete saved output/workspace files if they contain private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
f"cd('{temp_dir}'); {temp_name}"
            ]
            
            result = subprocess.run(
                cmd, 
                capture_output=capture_output, 
                text=True,
Confidence
99% confidence
Finding
result = subprocess.run(
    cmd,
    capture_output=capture_output,
    text=True,
    timeout=300  # 5-minute timeout
)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]
        
        try:
            result = subprocess.run(
                full_cmd,
                capture_output=True,
                text=True,
Confidence
98% confidence
Finding
result = subprocess.run( full_cmd, capture_output=True, text=True, timeout=300 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises shell execution, file read/write, and direct MATLAB code/script execution, yet declares no permissions or trust boundaries. That mismatch is dangerous because users and the platform are not warned that arbitrary MATLAB commands and scripts can access local files and invoke system functionality, which can lead to data exfiltration, destructive file changes, or command execution.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill states that outputs are automatically written to a fixed local directory but does not prominently warn the user or require confirmation. In a skill that can generate arbitrary outputs from user prompts, silent writes to a predetermined path can leak sensitive analysis artifacts, overwrite prior results, or create persistence on the host without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The status document explicitly advertises direct execution of arbitrary MATLAB code and saving outputs to a fixed filesystem location, but provides no warning, trust boundary, sandboxing note, or usage restrictions. In the context of an agent skill, this materially increases the likelihood that user-controlled or model-generated code will be executed with local system access, enabling file modification, data exfiltration, or dangerous system interaction through MATLAB facilities.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The `execute` functionality runs arbitrary MATLAB code and saves outputs/workspace files without any trust boundary enforcement, confirmation, or safety controls. In a skill environment this materially increases risk, because users or upstream agents may not realize they are triggering arbitrary local code execution with filesystem side effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill creates a persistent output directory and later stores execution results and workspace data there by default, which can expose sensitive data from MATLAB sessions to other local users, later processes, or unintended retention. In an agent setting, silent persistence of artifacts broadens the impact of any misuse or accidental execution of sensitive code/data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes a PNG file to a hard-coded local directory on the D: drive without prompting the user or verifying that the location is appropriate for the current system. This can cause unintended file creation, privacy issues, or failures on systems where that path maps to sensitive, shared, or nonexistent storage.

VirusTotal

66/66 vendors flagged this skill as clean.
