ClawHub

Dolphindb Init

Security checks across malware telemetry and agentic risk

Overview

This DolphinDB helper is purpose-aligned, but it can automatically install an unpinned Python package and execute generated shell output without a separate approval step.

Review before installing. Use this only if you are comfortable with a DolphinDB helper scanning local Python environments and potentially installing the DolphinDB SDK. Prefer running it inside a dedicated virtual or conda environment, verify the target interpreter before sourcing the loader, and consider pinning the DolphinDB package version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger condition is defined as effectively any mention of DolphinDB plus a need to operate, which creates unnecessary auto-invocation risk for a skill that can inspect environments and install packages. In an agent setting, broad triggers can cause the skill to run in contexts where the user did not explicitly request environment changes, increasing the chance of unintended system modification or privilege-sensitive discovery of local Python environments.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The description says the skill will automatically detect, switch, and install the DolphinDB SDK if not found, but it does not clearly warn that it may modify the user's Python environment. In practice, automatic installation changes packages and interpreter state, which is risky in an initialization skill that users may invoke indirectly as a prerequisite for other tasks.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The troubleshooting section recommends uninstall/install commands that directly modify the user's environment without warning about side effects such as version drift, dependency conflicts, or breaking other projects. While common in setup docs, embedding these commands in a skill increases the chance an agent executes them automatically or suggests them without adequate consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script automatically installs the `dolphindb` package with `pip install --quiet` when no existing environment is found, without any user confirmation, prominent notice, version pinning, or integrity verification. In an agent skill context, this is risky because merely invoking an environment-detection helper can cause an unexpected network fetch and system modification, which expands the trust boundary and can expose users to supply-chain or unintended-environment changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script will automatically run `pip install dolphindb --quiet` if it does not detect an existing installation, with no interactive confirmation, dry-run mode, version pinning, or trust policy. That creates an implicit network-fetch and code-install side effect in an initialization skill, which can unexpectedly modify the host environment and expose the user to supply-chain risk if package sources or indexes are compromised.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script uses eval on the stdout of another script, which means any content emitted by detect_dolphindb_env.sh is executed as shell code in the current process. If that script is modified, compromised, or influenced by attacker-controlled data, this becomes direct command execution with the privileges of whoever sources or runs the loader; in this skill context, that is especially risky because this loader is intended as a required prerequisite for all DolphinDB operations, increasing reach and frequency of execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal