Langchain Skill Vmisep 2026

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LangChain assistant, but it needs review because it embeds an API key-like credential and sends prompts to external model providers without clear user control or privacy disclosure.

Review before installing. Use this only if you are comfortable with prompts being processed by Gemini and/or DeepSeek, replace the embedded key-like value with your own securely configured secret, and avoid entering secrets or sensitive personal/business data until provider handling, retention, and memory behavior are clearly documented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 89%
Finding: The invocation pattern is broad and informal ('langchain <query>' or 'langchain: <query>') without defining scope, boundaries, or exclusions. This can cause unintended activation on normal conversation text, increasing the chance the skill captures queries or context unexpectedly and routes them into memory-backed or external LLM processing.

Vague Triggers

Low
Confidence: 78%
Finding: The memory test guidance says to chat multiple times with the same keyword, but does not clearly define activation boundaries or session behavior. This ambiguity can lead users to unintentionally persist sensitive context across turns or misunderstand when memory is being used.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill prominently advertises conversation memory but does not warn users that prior messages are retained within the session. In a memory-enabled assistant, users may disclose names, preferences, or other sensitive content without realizing it will persist and be reused in later prompts.

Missing User Warnings

Medium
Confidence: 93%
Finding: The description discusses external API calls, DeepSeek/Gemini backends, and future web search/API integrations without disclosing that user data may be transmitted to third-party services. This creates a privacy and compliance risk because users are not informed about where their prompts, memory, or retrieved content may be sent.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding: The skill states that it responds in Vietnamese without indicating user choice or override. While not severe by itself, forced language behavior can mislead users, reduce accessibility, and interfere with safe comprehension of warnings or consent-related information.

Missing User Warnings

High
Confidence: 99%
Finding: A DeepSeek API key is hardcoded directly in the source, which risks credential exposure through source control, logs, package distribution, or accidental sharing. Anyone obtaining the code can reuse the key to access the external service, incur charges, or interact with downstream data under the owner's account.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill sends user queries to external LLM providers for routing without any visible disclosure or consent mechanism. This creates a privacy and data-governance risk because potentially sensitive user input is transmitted off-system before the user is informed or given a choice.

VirusTotal

66/66 vendors flagged this skill as clean.