ClawHub

Data Cleaner Skill

Security checks across malware telemetry and agentic risk

Overview

This is a local CSV/Excel cleaning skill that changes cleaned output data as advertised, without network access, credentials, hidden persistence, or source-file deletion.

Install is reasonable for local CSV/Excel cleanup. Use it on a copy or sample first, inspect the generated cleaned file and report before using results for financial, customer, or operational decisions, and note that the documented batch_clean.py command is not included in this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README promotes automatic deduplication, filling, and phone/date normalization, all of which modify or remove user data, but it does not clearly warn that records may be deleted or values changed. In a data-cleaning tool, this can cause unintended data loss or integrity issues if users run defaults on sensitive business datasets without preview, backup, or confirmation.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are generic enough to match ordinary requests such as cleaning data, deduplicating records, or organizing spreadsheets, which increases the chance the skill is invoked unintentionally. In a data-modifying skill, accidental activation can lead to unwanted file processing, record deletion, or silent transformations of user data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises cleaning features like deduplication, missing-value handling, and anomaly processing without warning that these operations can alter or remove records. Users may provide important financial, customer, or operational data without realizing the tool may overwrite values, drop rows, or otherwise make irreversible changes.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal