vaDeepresearch

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate research/report-generation skill, but it uses broad activation rules, external PDF tooling, and under-scoped file output paths that users should review before installing.

Install only if you are comfortable with a research skill that can run external PDF tooling and write generated reports to disk. Prefer using it in a dedicated workspace, avoid feeding it sensitive Markdown or untrusted embedded content, and review output paths before allowing file writes. VirusTotal was clean, and there is no artifact-backed evidence of deception or exfiltration, so this is a Review classification rather than a malicious finding.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
),
            ]

            result = subprocess.run(
                cmd, capture_output=True, text=True, timeout=120, cwd=output_dir
            )
Confidence
89% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=120, cwd=output_dir )

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger criteria are extremely broad, covering common phrases like 'analyze', 'research', 'generate PPT/report content', and many ordinary requests that may not require this high-capability skill. Overbroad activation is risky because it can cause the agent to invoke a shell/file-writing/network-enabled workflow unexpectedly, increasing the chance of unnecessary tool use, data exposure, or unintended side effects.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The English trigger section includes broad phrases such as 'comprehensive analysis' and 'content generation that requires current facts' without precise boundaries, making activation ambiguous. In the context of a skill that is designed to run scripts and create files, ambiguous English triggers expand the attack surface by making accidental or excessive invocation more likely for normal user prompts.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
`save_research_results` writes markdown and JSON to a caller-controlled path without constraining it to the intended workspace or validating traversal/absolute paths. In an agent setting, untrusted prompts or tool inputs could cause arbitrary file overwrite within the agent's permissions, potentially clobbering configs, reports, or other sensitive files; the skill context makes this more dangerous because research/report generation workflows commonly accept user-specified output filenames.

VirusTotal

65/65 vendors flagged this skill as clean.
