jupyter-notebook-manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Jupyter notebook utility, but running notebooks executes local code and should be limited to trusted files or a sandbox.

Install only if you want your agent to create and run Jupyter notebooks. Review notebooks before execution, prefer an explicit separate output path, avoid untrusted notebooks or crafted parameter values, and run unfamiliar notebooks in a restricted environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill advertises file and shell-capable notebook creation/execution workflows but declares no permissions, which weakens reviewability and user understanding of what the skill can do. In a notebook manager, execution can run arbitrary Python from notebooks or helper scripts, read local files, and write outputs, so missing permission declarations materially increase the chance of unsafe or unexpected operations.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The README encourages broad natural-language requests such as creating and running notebooks without clear trigger boundaries, scope limits, or confirmation requirements. In an AI skill that can create and execute notebooks, ambiguous invocation patterns can cause the agent to perform high-risk actions on user files or generated code without sufficient validation.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: This README documents notebook execution, parameter injection, and overwrite-by-default output behavior without prominently warning that notebooks contain arbitrary executable code. In the context of a notebook-management skill, this is dangerous because users or agents may execute untrusted notebooks or unintentionally overwrite originals, leading to code execution, data loss, credential exposure, or system compromise.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: Broad triggers like 'data analysis' can cause the skill to activate for generic analytics requests, even when the user did not ask for notebook operations. In this skill, overbroad activation is more dangerous because the skill includes execution and file-modifying capabilities, so accidental invocation could lead to unnecessary code execution paths or file changes.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: Activating because the working directory contains notebooks is an implicit environmental trigger rather than explicit user intent. That is risky here because merely detecting .ipynb files could steer the agent into reading, modifying, or executing notebooks the user did not ask to touch.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The skill promotes notebook execution and monitoring without a clear warning that executing notebooks can run arbitrary code, access local data, invoke subprocesses, and write files or outputs. In the context of a Jupyter manager, this omission is especially dangerous because execution is a core feature and users may incorrectly assume analysis is passive rather than code-running.

VirusTotal

67/67 vendors flagged this skill as clean.