strain identification

Security checks across malware telemetry and agentic risk

Overview

The skill fits an online BLAST report workflow, but it uploads sequencing data to NCBI and appears to generate reports from hard-coded identification results, so users should review it before use.

Install only after reviewing the code. Do not use it for proprietary, clinical, regulated, or confidential sequences unless your organization permits uploading them to NCBI. Treat its identification output as unreliable until real BLAST result retrieval and parsing are implemented, and run it in a dedicated folder to avoid overwriting an existing report.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code transmits raw biological sequence data to NCBI over the network via requests.post without any consent prompt, disclosure, or configuration to disable external sharing. Even though NCBI uses HTTPS, sequence data may still be sensitive, proprietary, or regulated, so silent exfiltration to a third-party service creates a real confidentiality and compliance risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill uses a generic "text" trigger without any activation phrase, scope restriction, or context guardrails. This can cause the skill to activate on unrelated user input and unexpectedly process local file paths or initiate downstream actions, which increases the attack surface and the chance of unsafe or unauthorized execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it will submit sequencing data to the online NCBI BLAST service, but it does not disclose that user-provided biological sequence data leaves the local environment and is transmitted to a third party. This can create privacy, confidentiality, and compliance risks, especially if the samples are sensitive, proprietary, clinical, or otherwise regulated.

Unpinned Dependencies

Low
Category
Supply Chain
Content
biopython>=1.81
python-docx>=0.8.11
requests>=2.31.0
Confidence
95% confidence
Finding
biopython>=1.81

Unpinned Dependencies

Low
Category
Supply Chain
Content
biopython>=1.81
python-docx>=0.8.11
requests>=2.31.0
Confidence
98% confidence
Finding
python-docx>=0.8.11

Unpinned Dependencies

Low
Category
Supply Chain
Content
biopython>=1.81
python-docx>=0.8.11
requests>=2.31.0
Confidence
98% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: biopython — 1 advisory(ies): CVE-2025-68463 (Biopython is vulnerable to doctype XML external entity (XXE) injection through B)

Low
Category
Supply Chain
Confidence
76% confidence
Finding
biopython

Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)

High
Category
Supply Chain
Confidence
99% confidence
Finding
python-docx

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.
