R Machine Learning Workbench

Security checks across malware telemetry and agentic risk

Overview

The skill is a local R machine-learning workbench, and its scripts match that purpose, but it can install R packages at runtime and save dataset-derived outputs to the local filesystem.

Install only in an environment where adding many R packages from CRAN and GitHub is acceptable. Run it on copies of sensitive datasets, review the output folder before sharing reports or artifacts, and verify calibration inputs have matching row order and counts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability (Medium, 95% confidence)

This code installs an R package at runtime, which gives the script software-management capability beyond its stated data-analysis purpose and causes side effects on the host environment. Even if intended for convenience, runtime installation can pull unpinned code from external repositories, alter the execution environment, and create supply-chain and reproducibility risk in automated or privileged agent contexts.

Context-Inappropriate Capability (Medium, 95% confidence)

The XGBoost branch also performs package installation at runtime, which modifies the host environment and fetches executable code during normal model execution. In an agent skill, this is risky because it expands the script's privileges from analysis to environment mutation and introduces network and supply-chain exposure without explicit operator approval.

Vague Triggers (Medium, 92% confidence)

The trigger list is broad enough to match many ordinary R or machine-learning discussions, which can cause this skill to activate outside the user's actual intent. Over-triggering is dangerous because it can unexpectedly steer conversations into executing or recommending complex local analysis workflows, package installation, or file-processing steps the user did not request.

Natural-Language Policy Violations (Medium, 88% confidence)

The skill metadata and content present the capability primarily in Chinese, which can bias responses toward Chinese-language output without an explicit user preference. This is risky because it can reduce transparency, user comprehension, and safe operator review, especially when commands, warnings, or analysis outputs are presented in a language the user did not request.

Missing User Warnings (Medium, 94% confidence)

When the prediction and ground-truth datasets have different row counts, the script silently truncates both to the shorter length without warning or validating row alignment. This can corrupt the evaluation by pairing the wrong labels with predictions or by discarding data, producing misleading calibration metrics and plots that may drive incorrect downstream decisions.

Missing User Warnings (Medium, 95% confidence)

The pipeline persists full train/test splits and later prediction outputs to disk, which can expose sensitive source records, labels, and potentially regulated data without explicit consent, minimization, or safeguards. In an ML skill context, datasets frequently contain proprietary or personal information, so automatic export materially increases the risk of unintended data disclosure through shared workspaces, artifacts, or downstream report packaging.

VirusTotal

63/63 vendors flagged this skill as clean.