ClawHub

diffraction-scatter

Security checks across malware telemetry and agentic risk

Overview

This pyFAI diffraction/scattering skill performs disclosed local data processing and environment setup with no evidence of hidden data access, exfiltration, or unsafe persistence.

Install only if you need pyFAI-based diffraction/scattering processing. Run the installer in a project directory or virtual environment you control, review the pip packages it installs, and provide only the detector data and correction files intended for the analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to run Python scripts, inspect local files, glob input datasets, and write outputs, which clearly implies shell execution plus file read/write capabilities without any declared permission boundary. That is dangerous because users and hosting platforms cannot accurately assess or constrain what the skill may access, especially when it processes arbitrary paths and large datasets.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal