Security audit

Dx Data Navigator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate DX analytics helper, but it can guide an agent to query sensitive employee and engineering metrics without enough privacy or access boundaries.

Install only if the DX MCP database account is read-only, least-privileged, and limited to users authorized to view this data. Prefer aggregate team-level reports, and require explicit approval before retrieving names, emails, protected-user flags, individual survey answers, AI adoption status, or cross-system identity joins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is broad enough to trigger on a wide range of general engineering analytics questions, which can cause the agent to invoke a database-querying skill in situations where the user did not explicitly request access to DX data. Because the skill can run arbitrary SQL through an MCP tool, over-broad routing increases the chance of unnecessary access to sensitive organizational metrics and personnel data.

Missing User Warnings

Medium
Confidence: 95%
Finding
These examples explicitly expose personally identifiable information such as employee email addresses and AI adoption status, but provide no privacy warning, minimization guidance, or authorization check. In a skill intended for broad analytics use, this normalizes retrieval of individual-level employee data that could be misused for surveillance, profiling, or unauthorized disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documented join between GitHub verified emails and internal user records enables cross-system identity correlation, materially increasing the sensitivity of the data and making it easier to map external activity to named employees and teams. Without a privacy warning or access restrictions, this creates a clear pathway for deanonymization and workforce monitoring beyond routine operational analytics.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation explicitly advertises direct access to `email` and `github_username` fields in a DX analytics database without any privacy warning, minimization guidance, or access-control considerations. In this skill's context, the risk is elevated because the skill is designed to help query organizational metrics, making it likely that an agent or user could retrieve personally identifiable information unnecessarily or use it in broad analytics queries.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.