ClawHub

C++ 算法竞赛自动化测试数据生成与校验框架

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for C++ contest test-data generation, but it automatically runs generated or user-provided native code inside a broadly mounted Docker workspace.

Use this only in a disposable directory with no private files. Verify the Docker image source and checksum before loading it, review generated C++ before running the pipeline, and avoid mounting a workspace that contains credentials, important projects, or personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 1. 喂给 valid 校验输入合法性
        with open(in_file, 'r') as fin:
            v_res = subprocess.run([valid_exe], stdin=fin, capture_output=True, **run_kwargs)
            if v_res.returncode != 0:
                raise Exception(f"AI 编造的样例输入 {i} 格式不合法,未通过校验器:\n{v_res.stderr or v_res.stdout}")
Confidence
98% confidence
Finding
v_res = subprocess.run([valid_exe], stdin=fin, capture_output=True, **run_kwargs)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 2. 喂给 std 计算真实输出
        with open(in_file, 'r') as fin:
            s_res = subprocess.run([std_exe], stdin=fin, capture_output=True, **run_kwargs)
            if s_res.returncode != 0:
                raise Exception(f"标程运行 AI 样例 {i} 时崩溃:\n{s_res.stderr}")
Confidence
98% confidence
Finding
s_res = subprocess.run([std_exe], stdin=fin, capture_output=True, **run_kwargs)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 为防止随机种子与线上数据冲突,给 tc 传参加一个偏移量(如 100)
                with open(s_in, 'w') as fin:
                    res = subprocess.run([gen_exe, str(s_id), str(file_idx + 100)], stdout=fin, stderr=subprocess.PIPE, **run_kwargs)
                    if res.returncode != 0:
                        raise Exception(f"生成线下学生数据(输入)失败: {res.stderr}")
                with open(s_in, 'r') as fin, open(s_out, 'w') as fout:
Confidence
97% confidence
Finding
res = subprocess.run([gen_exe, str(s_id), str(file_idx + 100)], stdout=fin, stderr=subprocess.PIPE, **run_kwargs)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if res.returncode != 0:
                        raise Exception(f"生成线下学生数据(输入)失败: {res.stderr}")
                with open(s_in, 'r') as fin, open(s_out, 'w') as fout:
                    res = subprocess.run([std_exe], stdin=fin, stdout=fout, stderr=subprocess.PIPE, **run_kwargs)
                    if res.returncode != 0:
                        raise Exception(f"生成线下学生数据(输出)失败: {res.stderr}")
Confidence
97% confidence
Finding
res = subprocess.run([std_exe], stdin=fin, stdout=fout, stderr=subprocess.PIPE, **run_kwargs)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# a. 运行 gen 生成 .in
                    with open(in_file, 'w') as fin:
                        cmd_gen = [gen_exe, str(subtask_id), str(tc)]
                        res = subprocess.run(cmd_gen, stdout=fin, stderr=subprocess.PIPE, 
                                             **run_kwargs)
                        if res.returncode != 0:
                            print(json.dumps({"status": "error", "message": f"生成器在 Subtask {subtask_id} Case {tc} 崩溃:\n{res.stderr}"}))
Confidence
99% confidence
Finding
res = subprocess.run(cmd_gen, stdout=fin, stderr=subprocess.PIPE, **run_kwargs)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# b. 运行 valid 校验 .in
                    with open(in_file, 'r') as fin:
                        res = subprocess.run([valid_exe], stdin=fin, capture_output=True, 
                                             **run_kwargs)
                        if res.returncode != 0:
                            print(json.dumps({"status": "error", "message": f"数据校验失败 (Subtask {subtask_id} Case {tc}):\n{res.stderr or res.stdout}"}))
Confidence
98% confidence
Finding
res = subprocess.run([valid_exe], stdin=fin, capture_output=True, **run_kwargs)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# c. 运行 std 生成 .out
                    with open(in_file, 'r') as fin, open(out_file, 'w') as fout:
                        res = subprocess.run([std_exe], stdin=fin, stdout=fout, stderr=subprocess.PIPE, 
                                             **run_kwargs)
                        if res.returncode != 0:
                            print(json.dumps({"status": "error", "message": f"标程运行失败 (Subtask {subtask_id} Case {tc}):\n{res.stderr}"}))
Confidence
98% confidence
Finding
res = subprocess.run([std_exe], stdin=fin, stdout=fout, stderr=subprocess.PIPE, **run_kwargs)

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal