Python Cookbook

Security checks across malware telemetry and agentic risk

Overview

This Python helper is coherent and its commands are declared, but its run and format commands execute code and change files when invoked.

Install only if you want a Python helper that can run code and format files. Do not use the run command on untrusted snippets or files except inside a sandbox, and use format only on files you are comfortable having rewritten in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch
High severity, 98% confidence

The script exposes a `run` command that executes arbitrary Python, supplied either inline or as a caller-chosen file path, via `python3 "$file"` or `echo "$code" | python3`. That materially exceeds a cookbook/snippet utility and is a direct code-execution capability, which is dangerous if the skill is invoked on untrusted input or by an agent that assumes it only provides reference snippets.

Context-Inappropriate Capability
High severity, 97% confidence

Arbitrary Python execution is not justified by the stated purpose of providing Python code patterns and recipes, so the skill presents a hidden high-risk capability. In agent contexts, this mismatch is especially dangerous because tooling may be auto-selected based on the benign description while actually permitting execution of attacker-influenced code.

Vague Triggers
Medium severity, 88% confidence

The trigger phrases are broad and overlap with normal development requests such as 'debug python', 'lint python', and 'format python', making accidental invocation more likely. Because this skill can execute code and modify files, overbroad triggering raises the chance that powerful actions are activated in contexts where the user did not intend to invoke this particular skill.

Missing User Warnings
Medium severity, 96% confidence

The format command explicitly auto-formats a Python file, which means it writes changes to user files, but the description does not clearly warn about that side effect. Users may invoke it expecting analysis only, leading to unintended file changes, overwritten formatting, or disruption of in-progress work.
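The four findings above are checks a skill-manifest linter can make mechanically before an agent is allowed to auto-select the skill. The following is an added example, not SkillSpector's code and not part of the Python Cookbook skill: it scans a constructed manifest for interpreter invocation, in-place file writes, capabilities the description does not disclose, and trigger phrases made only of generic task words, and reports findings under the same four headings. The `run` body reuses the two execution patterns quoted in the first finding and the trigger list repeats the three phrases quoted in the third; the `snippet` command, `black` as the formatter, the field names and the hardened variant (which drops `run` and discloses that `format` rewrites the file) are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample manifest (not the skill's own files). The "run" body reuses the
# two patterns quoted in the first finding; the "snippet" command, black as the
# formatter and the field names are assumptions made for this example.
SAMPLE_SKILL = {
    "name": "python-cookbook",
    "description": "Python code patterns and recipes for common tasks.",
    "triggers": ["python cookbook", "python recipes",
                 "debug python", "lint python", "format python"],
    "commands": {
        "snippet": 'grep -A 20 "^## $topic" recipes.md',
        "run": 'if [ -n "$file" ]; then python3 "$file"; else echo "$code" | python3; fi',
        "format": 'black "$file"',
    },
}

# Assumed hardened variant: the run command is dropped, the description says that
# format rewrites the target file, and every trigger names the skill itself.
HARDENED_SKILL = {
    "name": "python-cookbook",
    "description": "Python code patterns and recipes. The format command rewrites "
                   "the given file in place with black.",
    "triggers": ["python cookbook", "python recipes", "cookbook format"],
    "commands": {
        "snippet": 'grep -A 20 "^## $topic" recipes.md',
        "format": 'black "$file"',
    },
}

# Interpreters and shells: a command that reaches one can execute supplied code.
EXEC_SINKS = re.compile(r"\b(python[23]?|node|ruby|perl|sh|bash)\b")
# In-place formatters, sed -i, tee and output redirection all write user files.
WRITE_SINKS = re.compile(r"\b(black|autopep8|isort|yapf)\b|\bsed\s+-i\b|\btee\b|(?<![<>\d])>>?\s*[^&\s]")
# Words a description would use to disclose those capabilities.
EXEC_DISCLOSURE = re.compile(r"\b(run|runs|execute|executes|execution)\b", re.I)
WRITE_DISCLOSURE = re.compile(r"\b(modif\w*|rewrite\w*|overwrite\w*|write\w*|edit\w*)\b", re.I)
# Wording that presents the skill as reference material only.
REFERENCE_WORDS = re.compile(r"\b(snippet|recipe|pattern|reference|cookbook)\w*", re.I)
# Trigger tokens that describe a generic task rather than this skill by name.
GENERIC_TOKENS = {"debug", "lint", "format", "run", "test", "fix", "check", "python"}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    detail: str


def exec_commands(skill: dict) -> list[str]:
    """Names of commands that hand input to an interpreter or shell."""
    return [n for n, body in skill["commands"].items() if EXEC_SINKS.search(body)]


def write_commands(skill: dict) -> list[str]:
    """Names of commands that modify files on disk."""
    return [n for n, body in skill["commands"].items() if WRITE_SINKS.search(body)]


def vague_triggers(skill: dict) -> list[str]:
    """Triggers built only from generic task words, so they fire on ordinary requests."""
    return [t for t in skill["triggers"] if set(t.lower().split()) <= GENERIC_TOKENS]


def check_skill(skill: dict) -> list[Finding]:
    """Apply the four checks; an empty list means the manifest passed."""
    desc = skill["description"]
    ex, wr, vt = exec_commands(skill), write_commands(skill), vague_triggers(skill)
    findings = []
    if ex and not EXEC_DISCLOSURE.search(desc):
        findings.append(Finding("Description-Behavior Mismatch", "High",
                                f"{ex} invoke an interpreter; the description never says the skill runs code"))
        if REFERENCE_WORDS.search(desc):
            findings.append(Finding("Context-Inappropriate Capability", "High",
                                    f"{ex} execute code inside a skill described as reference material"))
    if wr and not WRITE_DISCLOSURE.search(desc):
        findings.append(Finding("Missing User Warnings", "Medium",
                                f"{wr} write to the target file; the description does not warn about it"))
    if vt and (ex or wr):
        findings.append(Finding("Vague Triggers", "Medium",
                                f"{vt} match ordinary requests while the skill can execute code or modify files"))
    return findings


if __name__ == "__main__":
    for skill in (SAMPLE_SKILL, HARDENED_SKILL):
        print(skill["name"], "->", len(check_skill(skill)), "finding(s)")
        for f in check_skill(skill):
            print(f"  [{f.severity}] {f.rule}: {f.detail}")
```

The vague-trigger rule is deliberately gated on an execution or write capability being present: a broad trigger on a read-only snippet lookup is a usability problem, not a security one, which is the same reasoning the third finding gives. The sink lists are a starting point, not a complete inventory; a real linter would also resolve what `$file` and `$code` can be bound to.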

VirusTotal

66/66 vendors reported this skill as clean.
