GAIN

Security checks across malware telemetry and agentic risk

Overview

This is a rice-trait prediction skill with disclosed local data processing, optional NASA weather fetching, and local weather caching; I found no evidence of hidden exfiltration or destructive behavior.

Install in an isolated Python environment, review dependency versions before use, and treat genotype CSVs as sensitive research data. Be aware that weather enrichment may contact NASA POWER and cache weather CSVs locally; use built-in/offline data if location disclosure is a concern.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The README states the assistant will automatically recognize rice prediction requests without defining narrow trigger boundaries. Overly broad activation can cause the skill to engage on loosely related prompts and process user data unexpectedly, increasing the chance of unintended file access, network use, or misleading outputs in unrelated conversations.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README says the system may call the NASA POWER API for precise weather data but does not warn users that location and query data may be transmitted to an external service. This creates a transparency and privacy risk because users may not realize their coordinates or inferred research context are leaving the local assistant environment.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README invites users to upload genotype files but provides no privacy warning, retention policy, or handling guidance for highly sensitive biological data. Genotype data can be identifying, proprietary, or regulated, so encouraging uploads without clear safeguards materially increases the risk of data leakage, unauthorized reuse, or accidental external transmission.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation states that exact-coordinate weather data may be fetched from NASA POWER and cached locally, but it does not present this as a privacy/security warning or require explicit user awareness. Exact lat/lon can be sensitive, and silently transmitting and retaining location-derived data can expose user context, create unintended data persistence, and violate least-surprise expectations.

Known Vulnerable Dependency: torch — 10 advisory(ies): CVE-2025-2953 (PyTorch susceptible to local Denial of Service); CVE-2022-45907 (PyTorch vulnerable to arbitrary code execution); CVE-2025-32434 (PyTorch: `torch.load` with `weights_only=True` leads to remote code execution) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 88%
Finding
torch

Known Vulnerable Dependency: scikit-learn — 6 advisory(ies): CVE-2020-13092 (scikit-learn Deserialization of Untrusted Data); CVE-2024-5206 (scikit-learn sensitive data leakage vulnerability); CVE-2020-28975 (scikit-learn Denial of Service) +3 more

Severity: Critical
Category: Supply Chain
Confidence: 80%
Finding
scikit-learn

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 78%
Finding
requests

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.