Data Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local data-analysis skill, with normal setup and file-output behavior for its purpose, but users should handle generated reports and dependency installs carefully.

Install this in a virtual environment when possible, review install.sh before running it, and treat generated summaries, charts, cleaned CSVs, and reports as potentially sensitive. Do not use the email, cloud-upload, or curl examples with confidential data or untrusted sources without approval and review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises shell execution and file-writing behavior via tool invocations and installation scripts, but it does not declare corresponding permissions. That mismatch weakens user and platform visibility into what the skill can do, increasing the risk of unexpected command execution or modification of local files when the skill is triggered.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding: The trigger phrases are broad, generic, and cover common requests about cleaning data, analysis, charts, and reports. This can cause unintended activation of a skill that installs packages, runs Python tools, and writes output files, exposing users to actions they may not have explicitly requested.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The documentation includes a curl download from a remote source without an explicit warning that it performs a network fetch and trusts external content. This can lead users to retrieve untrusted or replaced data, which is especially relevant in a skill that encourages automated processing of downloaded files.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The documentation presents `--clean` as an automatic convenience feature but does not prominently warn that it can irreversibly transform the dataset by dropping columns, removing rows, capping outliers, and generating output artifacts. In an enterprise data-analysis skill, this can mislead users or downstream agents into applying destructive preprocessing without informed consent, causing data loss, skewed analysis, or compliance issues if important fields are removed.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The documentation includes examples that email generated reports and upload them to cloud storage without any adjacent warning about sensitive data, access controls, or approval requirements. In a data-analysis skill that processes Excel/CSV/JSON files, reports can easily contain PII, business metrics, or proprietary insights, so these examples may normalize unsafe data exfiltration workflows.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The tool automatically writes analysis artifacts next to the input file without explicit user confirmation or a clear warning in its interface/documentation. In an agent skill context, this can cause unintended filesystem modification, overwrite collisions, or leakage of sensitive dataset-derived metadata into shared/workspace directories, especially when invoked on confidential enterprise data.

Known Vulnerable Dependency: numpy — 10 advisories: CVE-2014-1859 (NumPy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL pointer dereference); CVE-2021-33430 (NumPy buffer overflow, disputed) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 74%
Finding: numpy

VirusTotal

65/65 vendors flagged this skill as clean.
