COMSOL Simulation

Security checks across malware telemetry and agentic risk

Overview

This COMSOL simulation skill appears purpose-built, but it needs review because several helper scripts can run expensive simulations and overwrite model files without backups or clear opt-in.

Install only if you are comfortable reviewing scripts before use. Run it in a copy of your COMSOL project, keep backups of .mph files, avoid legacy diagnostic or repair scripts unless you explicitly need them, and treat install_mph.py and MOCK_SIM_SCRIPT-based mock mode as sensitive actions. The concern is not malware telemetry; it is insufficient containment and consent around model mutation, solver execution, and output integrity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to run local Python scripts, inspect the COMSOL environment, install packages, and read/write project and output files, which clearly exercises shell, environment, file read, and file write capabilities. However, the manifest declares no permissions, creating a mismatch that can bypass user/admin expectations and weaken security review, especially because some commands may consume licenses, discover local installations, or modify the workspace.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script presents itself as a direct diagnostic with 'no config needed', but it performs state-changing actions by running all studies found in the model and then saving the .mph file back to disk. In a simulation skill, this can silently alter project state, consume significant compute resources, and overwrite prior results or model configuration without explicit user consent.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The implementation goes beyond inspection by executing studies and persisting the modified model, which conflicts with the diagnostic framing and can surprise operators who expect a safe metadata check. This mismatch is risky because users may invoke the script in automation pipelines assuming it is non-destructive, leading to unintended recomputation and file mutation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file advertises that it exports numerical detector metrics to CSV/PNG outputs, but the CSV writer emits placeholder values like 'TBD' rather than real extracted measurements. In a scientific simulation workflow, this can silently produce misleading artifacts that downstream automation or users may trust as valid results, causing incorrect engineering or research decisions.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The script claims to extract photodetector metrics, but core functions mostly return formulas, assumptions, hardcoded example values, and notes instead of reading actual COMSOL result data. This is dangerous because users of an automation skill may treat the generated outputs as authoritative simulation post-processing, leading to integrity failures in analysis pipelines rather than a simple functional bug.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The script installs packages directly from pip at runtime into a local vendor directory, which introduces a software supply-chain risk not clearly constrained by the skill manifest. If package resolution is influenced by a compromised index, dependency confusion, or an unexpected mirror configuration, the installer can fetch and execute untrusted code during installation.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The undocumented mock mode permits execution of an arbitrary Python script specified by the MOCK_SIM_SCRIPT environment variable whenever simulation_type is set to mock. In an agent or automation context, this creates a direct arbitrary-code-execution path if an attacker can influence configuration or environment, and the executed code runs with the privileges of the invoking process.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest enables implicit invocation with no visible constraints, trigger narrowing, or exclusions, which can cause the skill to be auto-selected in broader contexts than intended. Because this skill can configure and validate COMSOL simulation workflows, unexpected invocation could expose project context, drive unintended simulation actions, or let ambiguous user requests activate a relatively powerful capability without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script saves back to the same `opto_result.mph` file after performing `clear()`, `build()`, and `solve()` operations, with no backup, prompt, or dry-run mode. In a simulation skill, this can silently overwrite a user's model state, solver settings, or results, causing loss of reproducibility and destruction of prior work if the probe is run on an important model.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The probe intentionally mutates model state by calling `model.clear()`, `model.build()`, and `model.solve()` as part of diagnostics, but does not isolate those actions from the source model. In the context of a COMSOL automation skill, these operations may reset internal state, trigger expensive recomputation, alter generated data, or leave the model in a different condition than the user expects before it is later saved.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Saving the loaded COMSOL model back to the original path after executing studies can overwrite the user's source artifact without warning, potentially destroying reproducibility or prior known-good state. In engineering workflows, silent overwrite of simulation files is a meaningful integrity risk because it can change downstream analyses and make results hard to audit.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Running every discovered study as part of a 'diagnostic' operation can trigger expensive solver execution, state changes, and long runtimes without informing the caller. In the COMSOL simulation context, this is especially dangerous because studies may consume substantial CPU, memory, license capacity, and may update solution/dataset state unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script unconditionally saves changes back to the original COMSOL model file after deleting and recreating studies/solvers, with no backup, confirmation, or alternate output path. In this skill context, that can permanently destroy prior model configuration or corrupt a working simulation state if the automated fix is wrong or only partially succeeds.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script saves directly back to the original `opto_result.mph` file after modifying model physics, removing/recreating solver state, and attempting a solve, with no backup, prompt, or transactional safeguard. If the solve fails, partially mutates the model, or produces an unintended state, the original simulation file can be irreversibly overwritten, causing loss of prior model state and potentially propagating bad results into later workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script loads a production .mph model, mutates simulation state, removes and recreates physics features, deletes a solver, and then saves the modified file in place without prompting, backup, or writing to a separate output path. In an automation skill, this can silently corrupt or overwrite valuable simulation configurations and results, making recovery difficult and causing integrity loss even without an external attacker.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script mutates the loaded COMSOL model, removes the solver, attempts to change study physics, re-solves, and then saves back to the same .mph file without any confirmation, backup, or separate output path. In an automation skill for simulation workflows, this can silently destroy a user's known-good model state or persist unintended experimental changes, making recovery difficult and potentially corrupting downstream engineering results.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script saves changes directly back to the original COMSOL model file after modifying solver configuration and attempting a solve, with no confirmation, backup, or separate output path. In an automation skill for scientific simulation, this can unintentionally destroy prior model state, solver settings, or reproducibility artifacts if the reconfiguration is wrong or partially applied.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script writes a COMSOL model file to disk automatically without any user-facing disclosure, confirmation, or opt-in. While the saved file appears to be an expected simulation artifact rather than an overtly malicious payload, silent persistence can expose sensitive model parameters, filesystem locations, or proprietary simulation data and may violate user expectations in an automation context.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script unconditionally saves the loaded COMSOL model back to the same .mph path after build/solve operations, which can overwrite the original project state without confirmation, backup, or separate output handling. In this skill context, simulation runs may mutate solver state, results, meshes, or configuration, so silent in-place overwrite risks irreversible loss of the user's baseline model and can propagate bad or partial results.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script saves back to the original COMSOL model path after making destructive changes, including removing study and solver elements and attempting a solve. Because there is no backup, prompt, or alternate output path, running the script can permanently overwrite a working model with modified or partially broken state, causing data loss and corrupting simulation configuration.

VirusTotal

VirusTotal findings are pending for this skill version.
