Dolphindb Skills

Security checks across malware telemetry and agentic risk

Overview

This DolphinDB skill suite is mostly aligned with its stated purpose, but it needs review because routine setup can silently install packages and evaluate generated shell commands.

Install only after reviewing the shell and Python setup scripts. Prefer a dedicated virtual environment or container, use `--no-install` or manual installation unless you explicitly approve package changes, avoid eval/source workflows with untrusted files, replace default credentials, and require confirmation before any DELETE, DROP, bulk write, Docker install, or subskill-update action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, shell=True):
    """运行 shell 命令并返回结果"""
    try:
        result = subprocess.run(
            cmd, 
            shell=shell, 
            capture_output=True,
Confidence
95% confidence
Finding
result = subprocess.run( cmd, shell=shell, capture_output=True, text=True, timeout=30 )

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The script presents itself as a detector, but when no existing DolphinDB environment is found it performs a package installation as a side effect. In a skill/agent context, this is dangerous because callers may safely `eval` or invoke it expecting passive detection, yet it modifies the system state and pulls code from an external package source without explicit consent.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script presents itself as an environment detector, but if no suitable environment is found it performs a package installation via pip. In an agent skill context, this hidden side effect is risky because simply running a 'detector' unexpectedly changes the host system, reaches out to package infrastructure, and may install software into a fallback Python environment without explicit consent.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script presents itself as an environment detector, but if no suitable environment is found it performs a package installation via pip. In an agent skill context, this hidden side effect is risky because simply running a 'detector' unexpectedly changes the host system, reaches out to package infrastructure, and may install software into a fallback Python environment without explicit consent.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The module documentation frames the script as a detection/helper tool, but the implementation also performs package installation into Python environments. This behavioral mismatch can mislead users and downstream agents into running code that changes the system unexpectedly, increasing supply-chain and integrity risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide states that if no existing environment is found, the tooling will automatically install into Python 3.13, but it does not clearly warn that this changes the user's local environment and may install packages or alter interpreter state. In an agent/skill context, undocumented automatic installation is risky because it can trigger unintended system modification, dependency drift, or execution under an unexpected interpreter without explicit user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting section instructs users to run `pip install dolphindb` directly, but does not disclose that this downloads third-party code and modifies the active Python environment. In a skill used by an automated agent, such instructions can lead to silent package installation, environment contamination, and supply-chain exposure if executed without user awareness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document explicitly states that if no existing SDK is found, it will automatically install DolphinDB into a Python 3.13 environment, but it does not require confirmation, disclose package source/trust boundaries, or warn that the action modifies the local system. In an agent skill context, such guidance can cause unauthorized environment changes, dependency drift, or installation from untrusted indexes if implemented naively, making this more dangerous than ordinary documentation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The release notes explicitly advertise '支持自动安装(未找到时)' ("supports automatic installation (when not found)") for the DolphinDB SDK, which implies the skill may modify the execution environment by installing packages automatically. In an agent/skill context, silently changing dependencies without explicit user confirmation or clear constraints can introduce supply-chain risk, break reproducibility, and alter host state in unexpected ways.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that if DolphinDB is not found it will automatically install it, but it does not clearly warn that this may change the local Python or Conda environment. In an agent setting, implicit package installation can alter dependencies, break reproducibility, or install unreviewed code from package sources without explicit user consent.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill advertises DELETE, DROP table/database, and partition deletion capabilities without prominent warnings about irreversible data loss. In a database administration skill, destructive operations are expected, but presenting them without safeguards increases the chance an agent or user executes high-impact commands unintentionally against real data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs users to `source` shell wrappers and run an environment initialization script that, elsewhere in the same file, may automatically install software if the SDK is missing. Sourcing a shell script executes it in the caller's shell context, so undocumented installation or environment mutation can change the system state unexpectedly and increases the risk of supply-chain abuse, privilege misuse, or hard-to-audit workstation changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The sample code uses hardcoded default administrator credentials (`admin` / `123456`) to connect to DolphinDB without any warning that these credentials are unsafe. This normalizes insecure deployment practices and can lead users to expose a database with trivial default credentials, enabling unauthorized access, data theft, tampering, or full administrative control.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script silently runs `pip install dolphindb --quiet 2>/dev/null`, suppressing warnings and errors and giving the user no opportunity to approve network access or dependency changes. In an agent skill, this increases risk because the hidden install can alter the runtime, introduce unreviewed third-party code, and make incident detection or troubleshooting much harder.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script captures output from another program and then executes any line beginning with 'export' via eval. If init_dolphindb_env.py is modified, replaced, or influenced by attacker-controlled environment/input, this becomes arbitrary shell code execution in the current shell context, not just simple variable assignment. Because this wrapper is designed to be sourced or run globally, the trust boundary is especially sensitive and increases the risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The wrapper executes `eval` on lines emitted by `init_dolphindb_env.py`, which means any code embedded in those `export` lines will run in the current shell context. If that helper script, its path, or its output can be influenced by an attacker, this becomes arbitrary command execution with the privileges of the user running the wrapper.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script runs 'pip install dolphindb --quiet' automatically and without prior warning or confirmation. In a skill or automation setting, this can silently alter the environment, install into a system/shared interpreter, and create supply-chain exposure by pulling code from package indexes during what appears to be a harmless discovery step.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script attempts to install the dolphindb package automatically when not found, without interactive confirmation or a strong warning. In a skill context, this is risky because executing the helper can silently modify the current interpreter or conda base environment, potentially introducing unreviewed packages and breaking reproducibility.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script uses `eval` on the stdout of `detect_dolphindb_env.sh`, which means any shell code emitted by that helper will execute in the current shell context. If the helper script, its path, or anything influencing its output is compromised, this becomes arbitrary code execution with the privileges of the user sourcing or running the script.

VirusTotal

65/65 vendors flagged this skill as clean.