Phenosnap Phenotype Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent medical text extraction purpose, but it automatically downloads and runs unpinned third-party Python code before handling sensitive health text.

Install only if you are comfortable with first-run downloads from GitHub, bootstrap.pypa.io, and PyPI-related dependency installation. Run it in a dedicated virtual environment or sandbox, provide de-identified clinical text, consider pre-installing a reviewed pinned PhenoSnap version, and delete generated input/output artifacts when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The README makes a privacy/security-relevant claim that the skill 'operates fully locally' while also stating it may use internet access for bootstrapping and dependency installation. This can mislead users handling sensitive clinical text into assuming there is no network-related exposure or supply-chain risk, when the documented setup behavior clearly involves remote code/package retrieval.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims extraction is 'local-only' and says not to upload user text anywhere, but it also instructs the agent to download third-party code and pip bootstrap artifacts from the internet at runtime. Even if the user text itself is not explicitly uploaded, this is still security-relevant because it introduces remote code supply-chain risk into a workflow handling sensitive clinical data and can mislead users about the true network behavior of the skill.

External Transmission

Medium
Category
Data Exfiltration
Content
Download method (pick first available):
- If `curl` exists:
  - `curl -L "https://github.com/WGLab/PhenoSnap/archive/refs/heads/main.zip" -o "{baseDir}/third_party/phenosnap_main.zip"`
- Else on Windows PowerShell:
  - `Invoke-WebRequest -Uri "https://github.com/WGLab/PhenoSnap/archive/refs/heads/main.zip" -OutFile "{baseDir}/third_party/phenosnap_main.zip"`
Confidence
92% confidence

VirusTotal

66/66 vendors flagged this skill as clean.
