ClawHub

Pilot Service Agents Science

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instruction-only skill for querying remote scientific data agents, with a documentation scope mismatch but no hidden install, credential access, persistence, or destructive behavior.

Safe to install if you already intend to use Pilot Protocol service agents and trust your pilotctl/daemon setup. Avoid sending secrets or sensitive data in queries, and note that some included agents overlap with academic literature despite the documentation saying literature belongs under a separate academic skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest explicitly says the skill should not be used for scholarly paper search, yet the documented catalog includes literature- and preprint-oriented services. This inconsistency can misroute users or higher-level agents into using the wrong capability domain, weakening policy boundaries between skills and causing unintended access to content that was supposed to be excluded.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file states that literature or citations are not part of this skill, but elsewhere advertises agents such as Inspire Literature and OSF preprints. In an agent-routing system, contradictory documentation is security-relevant because it can bypass intended separation-of-duties, leading automated consumers to invoke prohibited data sources under a misleading skill label.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal