ClawBio Equity Scorer

Security checks across malware telemetry and agentic risk

Overview

This skill performs local genomic equity analysis as advertised, but users should treat its generated reports as sensitive private data.

Install only if you are authorized to analyze the VCF or ancestry CSV data. Store the generated report directory in a private location, avoid synced or shared folders for sensitive genomic outputs, review reports before sharing, and consider pinning dependencies for reproducible scientific work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 83%
Finding
This tool processes sensitive human genotype and ancestry data and persists derived reports, plots, and summaries to disk without an explicit privacy warning, consent checkpoint, or safer defaults. In this skill context, that is more dangerous because ancestry/genetic outputs can be identifying and sensitive, so users may unintentionally create local artifacts that expose protected information to other users, backups, sync services, or shared workspaces.

Missing User Warnings

Medium
Confidence: 91%
Finding
The pipeline writes multiple CSV, JSON, markdown, and image files containing population counts, heterozygosity, FST, PCA, and composite scoring results directly to the filesystem. In a genomics-analysis skill, this materially increases confidentiality risk because these artifacts may reveal sensitive ancestry structure or genotype-derived summaries and can persist in insecure directories, shared volumes, notebooks, or source-control repositories.

VirusTotal

66/66 vendors flagged this skill as clean.
