CAD Editor

Security checks across malware telemetry and agentic risk

Overview

This CAD skill appears purpose-built for drawing generation, but it asks the agent to run generated Python code from user-derived inputs without strong validation or containment.

Install only in a virtual environment or disposable project workspace. Treat generated scripts as untrusted until reviewed, keep output paths inside a dedicated folder, and avoid passing untrusted filenames, output paths, or direct generator parameters. I found no evidence of theft, persistence, or deception, but the generated-code execution design is risky enough to require Review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

High, 98% confidence
Finding: The skill proposes generating Python source from natural-language-derived inputs and executing it with exec, which creates a direct code-injection path if the generator or extracted parameters can be influenced unexpectedly. In this context, a CAD skill only needs structured drawing commands, so arbitrary Python execution is unnecessarily dangerous and can lead to filesystem access, data exfiltration, or command execution depending on runtime privileges.

Intent-Code Divergence

Medium, 98% confidence
Finding: The code claims to perform safe parameter extraction, but then calls safe.update(raw), allowing untrusted natural-language-derived values to flow directly into Python source templates. Multiple placeholders are injected without escaping or type validation, and helper methods also interpolate raw values into code strings, enabling code injection into the generated script that can execute when that script is later run.

Missing User Warnings

High, 95% confidence
Finding: The documentation describes executing dynamically generated code and producing output files without any user warning or confirmation, which removes an important safety control for potentially impactful actions. Given the use of exec, the lack of prompting is especially dangerous because users may unknowingly trigger behavior beyond simple CAD generation.

Missing User Warnings

Medium, 90% confidence
Finding: The skill states that preview and export artifacts are automatically written to an output directory but does not mention overwrite behavior, destination control, or user consent. This can cause unintended file modification or data loss, especially in shared or preexisting output locations.

Natural-Language Policy Violations

Medium, 90% confidence
Finding: The template library is written entirely in Chinese and the examples/patterns strongly assume Chinese-language input, with no indication of multilingual support or user-driven locale selection. In an agent skill, this can cause incorrect behavior, exclusion of users, or unsafe misinterpretation when users interact in other languages, especially if the agent silently applies the wrong template set.

VirusTotal

67/67 vendors flagged this skill as clean.