simulated-peak-plot

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This plotting skill is mostly purpose-aligned, but it allows broad local file reads and writes with weak path limits and exposes full local file paths.

Install only if you are comfortable with a local plotting script that can read CSV files you point it at and can write or overwrite output files at user-supplied paths. Prefer using simple filenames so outputs stay in the skill data directory, avoid sensitive CSV paths, and avoid sharing logs that contain file:/// links.

SkillSpector (7)

By NVIDIA

Context-Inappropriate Capability
Severity: Low
Confidence: 90%
Finding: The CSV import path is accepted directly from user input and passed to open() after only an existence check, which allows reading any file path accessible to the process. In the context of a plotting skill, this exceeds the stated purpose of importing device-export CSVs and can expose local sensitive files if an agent is induced to read attacker-chosen paths.

Context-Inappropriate Capability
Severity: Medium
Confidence: 95%
Finding: The output path logic explicitly permits absolute paths and any path containing directory separators, then writes a PNG there with plt.savefig(). This enables arbitrary file creation or overwrite anywhere the process has permission, which is a stronger primitive than normal plot generation and can damage files or place content in sensitive locations.

Context-Inappropriate Capability
Severity: Medium
Confidence: 95%
Finding: The same unrestricted output-path handling appears in simulated plot generation, so both imported-data and generated-data modes allow attacker-influenced writes. In agent environments, arbitrary write capability can be chained into persistence, clobbering user files, or writing misleading artifacts outside the skill sandbox.

Vague Triggers
Severity: Medium
Confidence: 83%
Finding: The trigger phrases include broad terms like '模拟信号' and '生成模拟数据', which can overlap with normal conversation and cause the skill to activate outside the intended plotting context. Overbroad activation is dangerous because it can lead to unexpected file operations or data handling without the user realizing a file-capable skill was invoked.

Vague Triggers
Severity: Medium
Confidence: 81%
Finding: The example trigger list remains ambiguous and lacks sufficient contextual restrictions, so ordinary requests about data generation or visualization may match unintentionally. In this skill, accidental invocation matters because the documented workflow includes importing local CSV files and exporting outputs to disk.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The skill documents CSV import and PNG/CSV export behavior but does not clearly warn users that local files may be read and new files written. This creates a transparency and consent gap, especially if the skill is auto-triggered or used in shared environments where file locations and contents may be sensitive.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: Mandating that the skill always output clickable file:/// URIs exposes local filesystem paths, which may reveal usernames, directory structures, project names, or other sensitive environmental details. This is especially risky in logs, shared chats, screenshots, or any setting where output may be visible beyond the requesting user.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
