Security audit

Pythesis Plot

Security checks across malware telemetry and agentic risk

Overview

This skill is a local academic plotting workflow that saves datasets and generated outputs on disk, with no evidence of exfiltration, credential access, hidden execution, or destructive behavior.

Install only from a source you trust, preferably in a virtual environment. Do not process confidential, regulated, or unpublished datasets unless you are comfortable with local copies and generated figures being saved under the output directory; review and delete those outputs when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill describes file read/write behavior and automatic persistence of uploaded data, but there is no explicit declaration of permissions or equivalent user-visible capability disclosure. This creates a transparency and governance gap: users and reviewers may not realize the skill can store uploaded research data on disk, which is especially sensitive in academic workflows.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example trigger phrases are broad natural-language requests such as asking for charts or plotting help, which can match many ordinary conversations and cause the skill to activate when the user did not explicitly intend to use it. In an agent environment, overbroad activation increases the chance of unintended data handling, workflow injection into unrelated tasks, and unnecessary access to uploaded files.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation description says the skill triggers when users upload data files and ask for plots, charts, figures, or data visualization, but it does not clearly define boundaries or exclusions. This ambiguity can cause accidental invocation in general data-analysis or casual charting requests, expanding the skill's operational scope beyond what the user may expect.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README advertises trigger phrases such as generic requests to create charts for a paper, which are broad enough to match ordinary user conversations outside a clearly scoped plotting workflow. In a skill system with automatic activation, this can cause unintended loading of the skill on unrelated files or contexts, increasing the chance of unnecessary data access or execution of plotting-related steps.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example YAML trigger description is broad and lacks explicit exclusions, so implementers may copy a permissive activation policy directly into the skill definition. Because this is an agent skill that processes uploaded files, overbroad matching raises the risk of accidental invocation on sensitive documents or ambiguous requests where the user did not intend code-driven data handling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation states that a renamed copy of the original dataset is saved into the output directory, but it does not prominently warn users that uploaded data may be persisted locally. For thesis and research scenarios, datasets can contain unpublished results, personal data, or regulated information, so silent duplication increases the risk of unintended retention, disclosure, or inclusion in backups and shared folders.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow states that uploaded files are automatically renamed and saved to an output directory, but it does not clearly warn users before persistence occurs. Because uploaded thesis or dissertation data may contain unpublished, confidential, or regulated information, silent saving to disk can cause unintended data retention and privacy exposure.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill also saves generated Python scripts and chart images to disk without an explicit user-facing warning about file creation and retention. While less sensitive than the original upload, these outputs can still reveal underlying data, analysis choices, filenames, or derived confidential insights, leading to residual disclosure risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The installation guide suggests broad natural-language trigger phrases like asking to create charts from an uploaded CSV. In a skill that auto-activates on ordinary plotting requests, this can cause unintended invocation during normal user interactions, expanding the skill's reach beyond clear user consent. The risk is contextual over-triggering rather than direct code execution, but it can still steer sessions into this skill unexpectedly.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The verification step tells users to upload any data file and issue a vague request like creating charts for a thesis, expecting auto-activation. Because this phrase is broad and lacks exclusions, it encourages a trigger model that overlaps with ordinary data-analysis requests and may activate the skill unintentionally in unrelated contexts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly saves uploaded datasets and multiple derivative artifacts to local disk, but the guide does not mention user notice, consent, retention limits, or access controls. In a thesis/data-analysis context, uploaded files may contain unpublished research data, personal data, or sensitive experimental results, so silent persistence increases privacy and data-handling risk if the host is shared, compromised, or logs/backups retain the files.

VirusTotal

64/64 vendors flagged this skill as clean.