python

Security checks across malware telemetry and agentic risk

Overview

This Python setup skill is coherent, but it needs review because one helper option can recursively delete any chosen path and the skill can auto-activate for Python tasks.

Install only if you are comfortable reviewing Python environment changes. Keep the venv path as a project-local .venv, inspect dependency files before installs, and avoid --recreate unless you have confirmed exactly what directory will be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91%
Finding
The skill clearly instructs the agent to run shell commands and inspect the environment (`python3 --version`, pip installs, test execution), but it declares no permissions for those capabilities. This is a real security/control issue because the runtime and reviewers are not given an accurate capability profile, which can lead to unreviewed command execution or environment access under the guise of a low-risk skill. The context makes it somewhat expected for a Python setup skill to need shell/env access, but that increases the need for explicit declaration rather than reducing risk.

Vague Triggers

Medium
Confidence
94%
Finding
The skill enables implicit invocation without any visible trigger constraints, so the agent may activate this Python-capable skill in situations the user did not clearly intend. Because this skill can set up environments, install dependencies, and run Python workflows, unclear activation increases the chance of unintended code-related actions, package installation, or environment changes from ambiguous prompts.

Missing User Warnings

Medium
Confidence
89%
Finding
When --recreate is supplied, the script deletes the user-specified venv path with shutil.rmtree() immediately, with no confirmation, no check that the path lies inside the project, and no check that it is actually a virtual environment. In a skill/agent context where arguments may be composed or passed automatically, an incorrect or maliciously influenced --venv value could cause unintended recursive deletion of any directory the process can write to.
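To make the finding concrete, here is an added example of what the missing boundary checks look like. This is not the skill's own helper; the functions `check_venv_target`, `recreate_venv` and `demo` are hypothetical replacements written for this page. They assume the venv was created with `python -m venv`, which always writes a `pyvenv.cfg` at the top of the environment, and they treat an explicit `confirmed` flag as standing in for a `--yes` option or an interactive prompt.

```python
"""Boundary checks before deleting a venv directory (added example, not the skill's code).

The skill's helper is described as calling shutil.rmtree() on the --venv path as
soon as --recreate is given. This hypothetical replacement refuses to delete
anything that is not a project-local virtual environment.
"""
import shutil
import tempfile
from pathlib import Path


class UnsafeVenvPath(ValueError):
    """Raised when the requested venv path fails a safety check."""


def _forbidden_roots() -> set:
    """Directories that must never be an rmtree target, whatever the arguments say."""
    roots = {Path(Path.cwd().anchor)}  # filesystem root, e.g. '/'
    try:
        roots.add(Path.home().resolve())
    except RuntimeError:  # home directory cannot be determined in this environment
        pass
    return roots


def check_venv_target(venv: Path, project_root: Path) -> Path:
    """Return the resolved venv path if it is safe to delete, otherwise raise.

    Checks, in order:
      1. the path must not be a symlink (a link could point anywhere);
      2. it must not be the project root, the user's home, or the filesystem root;
      3. after resolving, it must lie strictly inside project_root;
      4. if it exists, it must look like a venv: a directory containing pyvenv.cfg.
    """
    root = project_root.resolve()
    if venv.is_symlink():
        raise UnsafeVenvPath(f"{venv} is a symlink; refusing to follow it")
    target = venv.resolve()
    if target == root or target in _forbidden_roots():
        raise UnsafeVenvPath(f"{target} is the project root, home directory or filesystem root")
    try:
        target.relative_to(root)
    except ValueError:
        raise UnsafeVenvPath(f"{target} is outside the project root {root}") from None
    if not target.exists():
        return target  # nothing to delete; creating it later is fine
    if not target.is_dir() or not (target / "pyvenv.cfg").is_file():
        raise UnsafeVenvPath(f"{target} is not a virtual environment (no pyvenv.cfg)")
    return target


def recreate_venv(venv: str, project_root: str, confirmed: bool = False) -> str:
    """Delete the venv only if it passes every check and the caller confirmed.

    `confirmed` stands in for an explicit acknowledgement (a --yes flag or an
    interactive prompt), so an agent that composes arguments automatically
    cannot trigger the delete by accident. Returns a short status string.
    """
    target = check_venv_target(Path(venv), Path(project_root))
    if not target.exists():
        return f"nothing to delete at {target}"
    if not confirmed:
        raise UnsafeVenvPath(f"refusing to delete {target} without explicit confirmation")
    shutil.rmtree(target)
    return f"deleted {target}"


def _attempt(venv: Path, project: Path) -> str:
    """Try a confirmed delete and report whether it was refused."""
    try:
        recreate_venv(str(venv), str(project), confirmed=True)
        return "deleted"
    except UnsafeVenvPath:
        return "refused"


def demo() -> dict:
    """Build a throwaway project tree (constructed sample data) and exercise the checks."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        project = Path(d) / "proj"
        venv = project / ".venv"
        venv.mkdir(parents=True)
        (venv / "pyvenv.cfg").write_text("home = /usr/bin\n")  # marker python -m venv writes
        # 1. a genuine project-local venv: refused without confirmation, deleted with it
        try:
            recreate_venv(str(venv), str(project))
            results["unconfirmed"] = "deleted"
        except UnsafeVenvPath:
            results["unconfirmed"] = "refused"
        results["confirmed"] = recreate_venv(str(venv), str(project), confirmed=True)
        results["venv_gone"] = not venv.exists()
        # 2. a sibling directory outside the project, what a bad --venv could point at
        outside = Path(d) / "important"
        outside.mkdir()
        results["outside"] = _attempt(outside, project)
        # 3. a directory inside the project that is not a venv
        src = project / "src"
        src.mkdir()
        results["non_venv"] = _attempt(src, project)
        # 4. the project root itself
        results["root"] = _attempt(project, project)
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the symlink test runs on the unresolved path, because `resolve()` would silently follow the link and the later containment check would then pass for a link that points back inside the project. Requiring `pyvenv.cfg` is the cheapest way to distinguish a venv from an arbitrary directory that happens to sit under the project.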

VirusTotal

64/64 vendors flagged this skill as clean.