Data Twingler Skill for SQL, SPARQL, and GraphQL

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate live data-query helper, but users should know it may send prompts and generated queries to external OpenLink or configured endpoints.

Install this only if you want your agent to query live OpenLink, SPARQL, SQL, or GraphQL services. Review generated queries and endpoints before running them, avoid secrets or private data in prompts, and use least-privilege credentials for any authenticated OpenLink or MCP configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The activation guidance is extremely broad, including common prompts like "How to ..." and "Define the term ...", which can cause the skill to trigger for many unrelated requests. In this skill's context, unintended activation is more dangerous because it can route ordinary user prompts into live external query services, increasing the chance of unnecessary data transmission and unexpected external actions.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The predefined template triggers are ambiguous and underspecified, especially broad patterns such as "How to {X}", "{Question} with article/graph context", and "Define the term {X}". Because this skill performs live endpoint access, ambiguous matching can misclassify benign conversation as a data-query task and send user content to external systems or execute unnecessary remote queries.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to use direct native calls, REST functions, MCP, authenticated chat endpoints, and OPAL routing to external services, but it does not clearly warn users that their prompts and constructed queries may be transmitted to third-party endpoints. In a skill centered on live data access, this omission materially increases privacy and confidentiality risk because users may provide sensitive text assuming processing is local.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The trigger phrase "How to {User Input}" is so broad that it can activate for many ordinary prompts unrelated to this skill's intended data-querying scope. In an agentic environment, this can cause incorrect skill selection and route arbitrary natural-language requests into live query construction, increasing the chance of unintended endpoint access, over-broad data retrieval, or unsafe prompt-to-query behavior.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger "{Question} in context of an article or graph" is ambiguous and effectively matches a very large class of user inputs. Because this skill executes SQL/SPARQL/GraphQL against live services, overly permissive activation boundaries make accidental invocation more dangerous by allowing generic questions to be treated as data queries against external systems.

VirusTotal

66/66 vendors flagged this skill as clean.
