Python Executor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote Python execution skill with real code-running and data-sharing risks, but the artifacts are coherent and do not show hidden or malicious behavior.

Install only if you trust inference.sh and are comfortable with a tool that can run Python code, make network requests, and return generated files. Prefer the manual install and checksum verification path over piping an installer directly into a shell, review generated code before running it, and do not include secrets, private datasets, or sensitive outputs unless you intend to send them through this provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium severity (91% confidence)
The trigger list includes very broad terms such as 'python', 'execute code', and 'automation', which can cause the skill to be invoked for a wide range of unrelated or sensitive requests. Because this skill enables arbitrary Python execution with network-capable libraries, over-broad routing increases the chance of unintended activation in contexts involving sensitive data or unsafe actions.

Missing User Warnings

Medium severity (94% confidence)
The skill explicitly promotes web scraping and HTTP/API libraries but does not clearly warn that submitted code may initiate outbound network connections and transmit user-provided or environment-derived data to external services. In a code-execution skill, omission of this warning is risky because users may assume processing is local or isolated when the code can communicate externally.

Missing User Warnings

Medium severity (95% confidence)
The documentation states that files written to outputs/ are automatically returned, but it does not warn that those files may contain sensitive data, embedded credentials, proprietary datasets, or scraped personal information. Automatic exfiltration of generated artifacts in responses increases the chance that users unintentionally expose sensitive material produced during execution.

VirusTotal

62/62 vendors flagged this skill as clean.