
Security audit

Path-Dispatch

Security checks across malware telemetry and agentic risk

Overview

The skill is a local workflow graph helper, but its default cache loading can execute code if a crafted .cache file is placed beside the user's workflow file.

Install only if you can manage the cache risk. Use it in directories you control, delete existing .cache files before running on downloaded or shared workflow files, and set PATH_DISPATCH_NO_CACHE=1 for untrusted, CI, or multi-user environments. Prefer a future version that replaces pickle with a non-executable cache format and pins dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The code unpickles data from a cache file whose path is derived directly from a user-supplied input path using pickle.load(), which can execute arbitrary code during deserialization. Because the cache is trusted based only on file existence and modification time, an attacker who can place or replace the .cache file can achieve code execution when the script runs. In this graph-dispatch context, pickle is unnecessary for core functionality, so this capability is unrelated to the skill's purpose and especially risky.
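The finding above describes a loader that trusts a .cache file because it exists and is newer than the workflow. As an added illustration (not Path-Dispatch's own code), the block below reconstructs that pattern beside a hardened variant that honours PATH_DISPATCH_NO_CACHE=1, stores the cache as JSON rather than pickle, and ties it to the workflow's content hash instead of its mtime; the function names, the "<workflow>.cache" naming and the sample workflow are assumptions.

```python
import hashlib, json, os, pickle, tempfile

NO_CACHE_ENV = "PATH_DISPATCH_NO_CACHE"   # opt-out variable named in the audit

def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def load_cache_unsafe(workflow_path):
    # The pattern the finding describes: trusted merely because it exists and is newer.
    cache = workflow_path + ".cache"      # cache lives beside the workflow file (assumed naming)
    if not os.path.exists(cache) or os.path.getmtime(cache) < os.path.getmtime(workflow_path):
        return None
    with open(cache, "rb") as fh:
        return pickle.load(fh)            # deserialization can run code from a tampered file

def save_cache_safe(workflow_path, graph):
    # Hardened: a non-executable format, keyed by the workflow's content hash.
    entry = {"workflow_sha256": _digest(workflow_path), "graph": graph}
    with open(workflow_path + ".cache", "w", encoding="utf-8") as fh:
        json.dump(entry, fh)

def load_cache_safe(workflow_path):
    if os.environ.get(NO_CACHE_ENV) == "1":
        return None                       # untrusted, CI or multi-user setting: never read a cache
    try:
        with open(workflow_path + ".cache", "r", encoding="utf-8") as fh:
            entry = json.load(fh)
    except (OSError, ValueError):
        return None                       # missing, unreadable, or not JSON (e.g. a pickle blob)
    if not isinstance(entry, dict) or entry.get("workflow_sha256") != _digest(workflow_path):
        return None                       # stale or tampered: recompute instead
    return entry.get("graph")

def demo():  # constructed scenario: fresh, pickle-replaced, and opted-out cache
    results, graph = {}, {"a": ["b"]}
    with tempfile.TemporaryDirectory() as tmp:
        wf = os.path.join(tmp, "flow.txt")
        with open(wf, "w") as fh:
            fh.write("a -> b\n")          # constructed sample workflow
        save_cache_safe(wf, graph)
        results["fresh"] = load_cache_safe(wf)
        with open(wf + ".cache", "wb") as fh:
            fh.write(pickle.dumps(graph)) # benign pickle; the safe loader still rejects it
        results["pickled"] = load_cache_safe(wf)
        os.environ[NO_CACHE_ENV] = "1"
        save_cache_safe(wf, graph)
        results["opted_out"] = load_cache_safe(wf)
        os.environ.pop(NO_CACHE_ENV)
    return results
```

Running demo() returns the fresh JSON cache as a graph, None for the pickle-replaced cache, and None once the opt-out variable is set.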

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: numpy, scipy.sparse
Confidence: 98%
Finding
numpy

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 94%
Finding
numpy

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.