dive-into-langgraph

Security checks across malware telemetry and agentic risk

Overview

This is a LangGraph tutorial skill with disclosed examples, but some examples should be adapted carefully before use with real private data.

Install dependencies in an isolated environment, protect API keys, and assume prompts, search queries, file contents, and embeddings may be sent to the configured model or search provider. Do not copy the PII, authorization, or file-injection examples into production without adding real code-level access checks, path allowlists, redaction, consent, and logging controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding: The documented PII-masking flow is unsafe because, even after producing a masked version of the user input, the example conversation shows a later assistant response restating the original sensitive file path and username. This defeats the purpose of redaction and teaches an implementation pattern that can leak sensitive data back to the user or into logs, transcripts, and downstream systems.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The documentation says non-admin users are prohibited from using the get_weather tool, but the example immediately shows a viewer context still triggering that tool call. This demonstrates that access control is being expressed only in prompt text rather than enforced in code, which can mislead developers into shipping broken authorization around tool use.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The guide encourages sending user queries to external search providers and LLM-backed services without any warning that prompts may leave the local environment and be processed by third parties. In an agent-building context, this can lead developers to unknowingly transmit sensitive prompts, internal data, or user information to external APIs.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The PII-detection example sends user-provided content, including potentially sensitive paths and identifiers, to an external model for classification without any explicit user warning or consent flow. In a privacy-sensitive setting, this can itself constitute a disclosure of the very data the guardrail is supposed to protect.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The masking flow sends the original sensitive content to a model for redaction without warning the user that their raw PII will be exposed to that model. This creates an unnecessary privacy risk because redaction occurs only after the external service has already seen the sensitive text.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The file injection middleware reads arbitrary local file paths from runtime context and appends full file contents into model messages, but the example does not include any explicit user notice or consent boundary about sending those contents to the model. In practice, this can cause unintended disclosure of sensitive local data, especially if uploaded_files can reference broader filesystem paths or if the model backend is remote.

Ssd 3

Severity: High
Confidence: 99%
Finding: The example demonstrates a data-security failure: despite a masking step, the assistant later reproduces the original sensitive path and username. This indicates the raw message remains available in agent state or context, making the redaction ineffective and creating a direct leakage pattern for sensitive user data.

VirusTotal

66/66 vendors flagged this skill as clean.