ClawHub

CDA Data Synth

Security checks across malware telemetry and agentic risk

Overview

This skill is a CDA-focused data-generation guide with reference schemas and examples, and it does not show hidden access, credential use, networking, or executable behavior.

Install this if you want help generating CDA-format synthetic dataset JSON. Pick output directories deliberately, review files before overwriting anything important, and do not treat generated physics data as validated for production or safety-critical use without independent verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are overly broad and can match common requests about simulation data, training data, or physics datasets that may not actually require this specialized skill. In an agentic system, this can cause unintended invocation, routing ordinary user requests into a high-authority data-generation workflow and producing outputs that are off-target, misleading, or unnecessarily trusted as CDA-compliant artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal