ai-workflow-engine

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate AI workflow automation skill, but it needs Review because it imports undeclared local code and exposes broad network, file, database, webhook, and model-provider actions without enough scoping guidance.

Install only if you can review workflows before running them. Use a sandbox or test data first, avoid production databases and real email/webhook targets until validated, keep credentials in environment variables or a secret manager, pin dependencies, and remove or review the hard-coded local skill imports before trusting it in a sensitive environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (14)

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill explicitly demonstrates workflows that scrape websites, clean data, write to databases, generate reports, and send email, but it provides no safety guidance, consent requirements, or warnings about side effects on user data and external systems. In an agent skill, these omissions increase the risk that a user or downstream agent will trigger actions with real-world consequences without understanding data handling, authorization, or outbound communication risks.

Missing User Warnings

Medium
Confidence: 94%
Finding: The Agent, RAG, and code-generation sections normalize autonomous tool use such as reading files, writing files, querying the web, generating code, and sending email, yet they omit any warning about approval boundaries, data exfiltration, or unsafe generated code execution. Because this section encourages automatic fallback to tools and full workflow generation, the context makes the omission more dangerous: it could lead to unsupervised actions across local and external systems.

Unpinned Dependencies

Low
Category: Supply Chain
Content:
pandas
requests
openai
anthropic
Confidence: 98%
Finding: pandas

Unpinned Dependencies

Low
Category: Supply Chain
Content:
pandas
requests
openai
anthropic
chromadb
Confidence: 98%
Finding: requests

Unpinned Dependencies

Low
Category: Supply Chain
Content:
pandas
requests
openai
anthropic
chromadb
pypdf
Confidence: 97%
Finding: openai

Unpinned Dependencies

Low
Category: Supply Chain
Content:
pandas
requests
openai
anthropic
chromadb
pypdf
beautifulsoup4
Confidence: 98%
Finding: anthropic

Unpinned Dependencies

Low
Category: Supply Chain
Content:
requests
openai
anthropic
chromadb
pypdf
beautifulsoup4
lxml
Confidence: 98%
Finding: chromadb

Unpinned Dependencies

Low
Category: Supply Chain
Content:
openai
anthropic
chromadb
pypdf
beautifulsoup4
lxml
Confidence: 99%
Finding: pypdf

Unpinned Dependencies

Low
Category: Supply Chain
Content:
anthropic
chromadb
pypdf
beautifulsoup4
lxml
Confidence: 98%
Finding: beautifulsoup4

Unpinned Dependencies

Low
Category: Supply Chain
Content:
chromadb
pypdf
beautifulsoup4
lxml
Confidence: 99%
Finding: lxml

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category: Supply Chain
Confidence: 94%
Finding: requests

Known Vulnerable Dependency: anthropic — 2 advisory(ies): CVE-2026-34450 (Claude SDK for Python has Insecure Default File Permissions in Local Filesystem ); CVE-2026-34452 (Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox)

Low
Category: Supply Chain
Confidence: 72%
Finding: anthropic

Known Vulnerable Dependency: pypdf — 10 advisory(ies): CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-); CVE-2026-40260 (pypdf: Manipulated XMP metadata entity declarations can exhaust RAM) +7 more

Low
Category: Supply Chain
Confidence: 90%
Finding: pypdf

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category: Supply Chain
Confidence: 95%
Finding: lxml

VirusTotal

66/66 vendors flagged this skill as clean.
