FEP Alternative

Security checks across malware telemetry and agentic risk

Overview

The skill’s scientific workflow is disclosed, but its bundled PDB helper exposes a broad generic HTTP client and optional arbitrary raw-response file writes that exceed the narrow PDB-retrieval purpose.

Install only if you are comfortable with the agent reading a SciMiner API key from ~/.config/sciminer/credentials.json, uploading molecular/receptor data to SciMiner, and running a bundled Python HTTP helper. Keep use limited to the documented SciMiner and RCSB endpoints, avoid providing sensitive headers or payloads to the PDB helper, and use raw response saving only to a path you explicitly choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The URL builder accepts absolute http/https paths and concatenates arbitrary relative paths onto a caller-supplied base URL, enabling unrestricted outbound requests to essentially any destination. In the context of a narrowly scoped scientific skill, this acts as a general-purpose network egress primitive that can be abused for SSRF-like access, data exfiltration, or use of the host as a proxy to unintended services.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The client permits arbitrary POST requests with attacker-controlled headers, query parameters, JSON/form bodies, and method selection, making it far broader than necessary for retrieval of scientific data. This can be abused to send arbitrary authenticated-looking traffic, hit internal or external APIs, or relay sensitive data from the execution environment to remote systems.

Missing User Warnings

Medium
Confidence: 83%
Finding
The code can persist full raw response bodies to an arbitrary filesystem path under caller control, with a default path in `/tmp` if unspecified. If responses contain sensitive data, tokens, or proprietary content, this creates a local data exposure and retention risk, especially in shared or multi-tenant environments.

Missing User Warnings

Medium
Confidence: 90%
Finding
The module transmits caller-provided parameters, headers, and bodies to arbitrary remote services without any consent, warning, or policy enforcement. In an agent skill environment, this can silently leak user-supplied or environment-derived data to third parties, making the generic request capability more dangerous than in a standalone admin tool.

VirusTotal

65/65 vendors flagged this skill as clean.
