SQL Report Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SQL/report-generation helper with some hygiene and content-safety caveats, but no evidence of hidden access, exfiltration, persistence, or destructive behavior.

Reasonable to install for local report generation. Use it on trusted data or sanitize/escape report text before opening generated HTML from untrusted inputs, review privacy/legal requirements before acting on customer profiling or SMS/push marketing recommendations, and consider pinning dependencies in a controlled environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Intent-Code Divergence

Low
Confidence
95% confidence
Finding
The HTML export path inserts unescaped metadata and section content directly into the generated HTML using string formatting and f-strings. If any title, author, text, or description fields come from untrusted input, an attacker can inject arbitrary HTML or script into the report, leading to stored XSS when the file is opened in a browser.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase list includes broad natural-language terms such as common report-related expressions, which can cause unintended template selection when a user is speaking generally rather than explicitly invoking a template. In an agent skill, ambiguous activation increases the chance of misrouting user intent, producing the wrong output format, or bypassing expected confirmation steps.

Vague Triggers

Low
Confidence
82% confidence
Finding
The decision tree uses high-level phrases like business needs and audience-oriented prompts without clearly defining invocation boundaries or selection priority. This ambiguity can lead the agent to infer a template from loosely related user text, causing accidental activation or inconsistent behavior across similar requests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The template explicitly recommends behavioral targeting, churn prediction, personalized push messaging, and direct outreach such as cart-recovery SMS without any mention of lawful basis, consent, opt-out controls, data minimization, or regional privacy compliance. In an ecommerce analytics skill, these recommendations can directly drive deployment of privacy-invasive marketing workflows, increasing risk of GDPR/CCPA/PIPL violations and inappropriate use of profiling data.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# sql-report-generator dependencies
# Production-grade data report generator - multiple data sources / insight generation / interactive components

pandas>=1.5.0
numpy>=1.21.0
matplotlib>=3.5.0
jinja2>=3.1.0
Confidence
92% confidence
Finding
pandas>=1.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Production-grade data report generator - multiple data sources / insight generation / interactive components

pandas>=1.5.0
numpy>=1.21.0
matplotlib>=3.5.0
jinja2>=3.1.0
Confidence
92% confidence
Finding
numpy>=1.21.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=1.5.0
numpy>=1.21.0
matplotlib>=3.5.0
jinja2>=3.1.0
Confidence
90% confidence
Finding
matplotlib>=3.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=1.5.0
numpy>=1.21.0
matplotlib>=3.5.0
jinja2>=3.1.0
Confidence
95% confidence
Finding
jinja2>=3.1.0

Known Vulnerable Dependency: jinja2 — 10 advisories: CVE-2019-10906 (Jinja2 sandbox escape via string formatting); CVE-2014-1402 (Incorrect Privilege Assignment in Jinja2); CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format metho) +7 more

High
Category
Supply Chain
Confidence
80% confidence
Finding
jinja2

VirusTotal

60/60 vendors flagged this skill as clean.
