ClawHub

Molecular Docking AutoDock

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate molecular-docking purpose, but its script can run unintended local shell commands if given crafted file or output paths.

Review before installing or running. Use only with trusted paths and preferably inside an isolated environment until the script replaces shell=True string commands with argument-list subprocess calls, validates paths, scopes output directories, and verifies downloaded tooling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Step 2: Convert to PDBQT with AutoDock Tools script or obabel
        cmd = f"obabel {temp_pdb} -O {self.prepared_pdbqt} -xr -h --partialcharge gasteiger"
        subprocess.run(cmd, shell=True, check=True, capture_output=True)
        os.remove(temp_pdb)
        return self.prepared_pdbqt
Confidence
98% confidence
Finding
subprocess.run(cmd, shell=True, check=True, capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
p2rank_output = os.path.join(self.output_dir, "p2rank_output")
        os.makedirs(p2rank_output, exist_ok=True)
        cmd = f"prank predict -f {self.protein_pdb} -o {p2rank_output}"
        subprocess.run(cmd, shell=True, check=True, capture_output=True)
        
        # Read top pocket result
        predict_file = os.path.join(p2rank_output, os.path.basename(self.protein_pdb).replace(".pdb", "_predictions.csv"))
Confidence
99% confidence
Finding
subprocess.run(cmd, shell=True, check=True, capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# Run VINA
        cmd = f"vina --config {config_file}"
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        if result.returncode != 0:
            raise RuntimeError(f"VINA docking failed: {result.stderr}")
Confidence
73% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for i in range(self.num_modes):
            ligand_pdb = os.path.join(self.output_dir, f"ligand_mode_{i+1}.pdb")
            cmd = f"obabel {self.docking_pdbqt} -O {ligand_pdb} -m -f {i+1} -l {i+1}"
            subprocess.run(cmd, shell=True, check=True, capture_output=True)
            ligand_pdbs.append(ligand_pdb)
        
        # Combine protein and top ligand into complex PDB
Confidence
97% confidence
Finding
subprocess.run(cmd, shell=True, check=True, capture_output=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs use of local files and shell commands (`conda`, `pip`, `wget`, `tar`, running a Python script) but does not declare any permissions for file read, file write, or shell execution. This creates a permission-model mismatch: an agent or reviewer may treat the skill as lower risk than it really is, while the skill can still drive filesystem access and command execution in practice.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal