ClawHub

Raccoon Data Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its remote data-analysis purpose, but it saves and opens provider-controlled result files too broadly and exposes part of the API token in one command.

Review before installing. Use it only with files you are allowed to send to the configured RACCOON_API_HOST, verify that host is trusted and HTTPS, avoid running auth-check where logs may be captured, and prefer --no-open until artifact filenames are sanitized and automatic opening is opt-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
system = platform.system()
    try:
        if system == "Darwin":
            subprocess.run(["open", path], check=False)
        elif system == "Linux":
            subprocess.run(["xdg-open", path], check=False)
    except Exception:
Confidence
91% confidence
Finding
subprocess.run(["open", path], check=False)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if system == "Darwin":
            subprocess.run(["open", path], check=False)
        elif system == "Linux":
            subprocess.run(["xdg-open", path], check=False)
    except Exception:
        pass
Confidence
91% confidence
Finding
subprocess.run(["xdg-open", path], check=False)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill goes beyond data-analysis/session management by automatically launching local files after download. In this context that is more dangerous because users expect analysis, not local application invocation; a malicious or malformed artifact could trigger risky file handlers or unwanted browsing activity.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
User-supplied files are uploaded to a remote API service with no explicit warning or consent prompt at the point of transfer. In a data-analysis skill this is especially relevant because users may provide sensitive spreadsheets or documents and may not realize the content leaves the local environment.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The tool writes remote-generated artifacts to local disk by default without a strong user-facing warning. While lower severity than remote upload, this can create unexpected local files and persistence of potentially sensitive or unsafe content.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal