Biomolecular Structure Prediction

Security checks across malware telemetry and agentic risk

Overview

The skill’s purpose is coherent, but it gives live external Markdown docs too much authority over API invocation code while using a local API key and uploading user data.

Install only if you trust SciMiner’s API documentation source and are comfortable sending API-key-authenticated requests and uploaded biomolecular inputs to SciMiner. Prefer using it with non-sensitive test data first, and do not provide proprietary sequences, ligands, structures, or credentials unless that external-service risk is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Session Persistence

Medium
Category
Rogue Agent
Content
5. Collect any missing required parameters from the user.
6. Upload required file inputs exactly as described by the selected Markdown
   doc and replace local paths with returned `file_id` values.
7. Write or run the invocation code directly from the selected Markdown doc's
   base-information block, parameter table, file-upload instructions, and
   example code. Do not apply a shared invocation template or local registry
   abstraction in this skill.
Confidence
89% confidence
Finding
Write or run the invocation code directly from the selected Markdown doc's base-information block, parameter table, file-upload instructions, and example code. Do not apply a shared invocation t

VirusTotal

VirusTotal findings are pending for this skill version.
