Graphify Source

Security checks across malware telemetry and agentic risk

Overview

Graphify appears to be a legitimate knowledge-graph skill, but its local-only claims conflict with instructions that require external LLM API keys for semantic extraction of code and documents.

Review before installing. Use it only on projects and media you are comfortable exposing to the configured LLM provider unless you can verify a strict local-only mode. Avoid proprietary code, secrets, regulated data, and private media until the provider, transmitted data, and opt-in controls are clearly documented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation claims the skill is fully local and free, but later states that semantic extraction requires external API keys. This inconsistency can mislead users about data flow and trust boundaries, causing them to process sensitive code or documents under the false assumption that nothing leaves the machine. The explicit safety reassurance ('通过 VirusTotal、ClawScan 和静态分析扫描,安全', in English: "Scanned by VirusTotal, ClawScan and static analysis; safe") increases suspicion because it asks the reader to trust a safety claim despite contradictory behavior descriptions.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The manifest says 'requires_api_key: false', while the body instructs users to set ANTHROPIC_API_KEY or OPENAI_API_KEY for semantic extraction. This creates a deceptive installation and privacy posture: automated systems or users may approve the skill as local/no-credentials-required when it actually supports or depends on remote inference for some functionality. In a code-analysis skill, that confusion is security-relevant because repository contents may be exposed to third-party APIs.

VirusTotal

62/62 vendors flagged this skill as clean.
