Personal Genomics Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and not deceptive, but it handles highly sensitive DNA and health data, gives prescriptive medical-style recommendations (medications, supplements, dosages, screening schedules), and includes optional network and tool-setup steps that need careful review before use.

Install only if you are comfortable giving the agent access to DNA files and health details. Keep raw files and generated reports out of shared or cloud-synced folders; point REF_PATH at a local reference directory rather than letting CRAM reference sequences be fetched over the network; verify any third-party tools (checksum or signature from a trusted source) before building them; and do not start, stop, or change medications or supplements based on the output without a qualified clinician or pharmacist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The setup guide instructs users to download and compile external tooling from the internet and later documents a network-based CRAM reference fetch path, both of which conflict with the skill's stated local-only privacy posture. In a genomics context, even metadata-bearing outbound requests (which reference sequences were requested, and when) can undermine user expectations that sensitive genetic workflows stay fully local.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
Setting REF_PATH to an HTTP endpoint enables automatic outbound retrieval of CRAM reference sequences, creating an unexpected network path in a tool marketed as keeping raw genetic data on the user's machine. In personal genomics this is especially sensitive: the reference lookups themselves (which sequences, how often, from which address) are metadata that can reveal what the user is sequencing or analyzing, even though the reads never leave the machine.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The README’s example trigger phrase, roughly 'help me analyze my genetic data,' is broad and overlaps with normal user requests. In a skill that processes highly sensitive genomic and health information, an overly generic invocation increases the chance of accidental activation and unintended disclosure or processing of private data when the user did not explicitly mean to invoke this skill.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README describes analysis of highly sensitive genetic and health data but does not prominently explain how that data should be handled, retained, minimized, or protected during use. Because genomic data is uniquely identifying and can reveal disease risk and family information, unclear privacy practices can lead users to expose or persist extremely sensitive data in unsafe locations or tools.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill advertises medication guidance, supplement protocols, dosages, timing, and screening schedules as actionable outputs without a prominent, immediate safety warning against self-treatment. In a genomics context, users may rely on AI-generated pharmacogenomic or supplement advice to start, stop, or adjust medications, which can cause adverse drug events, dangerous interactions, or delayed medical care.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill asks for genetic data, medical history, family history, medications, and lifestyle details, which together constitute extremely sensitive personal and health information. While it mentions local processing of raw data, it does not warn about privacy risks for derived reports, temporary files, prompts, logs, or downstream sharing, increasing the chance of inadvertent exposure of uniquely identifying health data.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The eval prompts are very broad, open-ended natural-language requests that can cause the skill to activate without clear scope boundaries or safety gating. In a personal genomics skill, this increases the chance of generating medical-style interpretations, supplement advice, or medication-related recommendations from ambiguous user input without confirming consent, jurisdiction, or appropriate limitations.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
This reference file contains extensive clinically actionable interpretation and treatment-oriented guidance for high-stakes genetic findings, including cancer predisposition, anticoagulation, chemotherapy contraindications, and drug dosing implications, but it does not prominently warn that the content is informational only and not a substitute for licensed medical care. In the context of a personal genomics skill aimed at consumers, users could act on these statements without confirmatory testing or clinician review, leading to dangerous self-management, delayed diagnosis, medication harm, or severe psychological distress.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
This is a true safety vulnerability because the guide presents genotype-based supplement regimens as actionable medical instructions, including explicit doses, escalation logic, monitoring plans, and directives to 'Begin immediately upon genetic finding.' In a consumer genomics skill, users may treat these recommendations as personalized care and self-initiate supplements despite contraindications, medication interactions, pregnancy status, renal disease, or misinterpreted genetic results; the disclaimer at the end is not sufficient to counter the prescriptive tone.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation tells users to fetch and build samtools and bcftools directly from the network, which exposes them to supply-chain risk and execution of untrusted build code, with no warning and no guidance on integrity verification (checking a release checksum or signature against a value obtained from a trusted source). Although this is common in developer workflows, it is riskier here because the build runs in the same environment that will process sensitive genetic data.

Missing User Warnings

Severity: Low
Confidence: 95%
Finding
The guide describes automatic internet fetching of CRAM reference sequences without explicitly disclosing that network access can occur during analysis. In a privacy-sensitive genomics tool that omission matters because users may reasonably assume analysis is fully offline and not realize that opening a CRAM file whose reference is not available locally can trigger external requests.
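The following script is an added example for this report, not code from the skill, its README, or samtools. It turns the network-fetch findings above (REF_PATH pointing at an HTTP endpoint, undisclosed CRAM reference fetching) and the unverified-build finding into two pre-flight checks a user can run before analysis: refuse any REF_PATH that contains a URL (an unset REF_PATH is also refused, because htslib's built-in default falls back to a remote MD5 reference registry), and refuse to unpack a samtools/bcftools tarball whose SHA-256 does not match a digest the user obtained from a source they trust. The directory names, tarball name and digest in the usage comments are placeholders, not real release values.

```bash
#!/usr/bin/env bash
# Added example for this report; not part of the skill or of samtools/htslib.
# Assumptions: htslib honours REF_PATH and REF_CACHE as documented in the
# samtools manual; the caller supplies an expected SHA-256 from a trusted
# source. Paths and digests in the usage section are placeholders.

set -u

# Return 0 only if the candidate REF_PATH is non-empty and contains no URL.
# Empty/unset is rejected on purpose: with REF_PATH unset, htslib's default
# search list includes a remote MD5-keyed reference registry, so "unset"
# does not mean "offline".
check_ref_path() {
    ref_path="${1:-}"
    [ -n "$ref_path" ] || return 1
    case "$ref_path" in
        *://*) return 1 ;;   # rejects http://, https://, ftp:// entries
    esac
    return 0
}

# Print the SHA-256 of a file using whichever tool the platform provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the file exists and its SHA-256 equals the expected digest
# (compared case-insensitively); 1 otherwise. Run this before tar/make.
verify_sha256() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || return 1
    actual="$(sha256_of "$file" | tr 'A-F' 'a-f')"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    [ "$actual" = "$expected" ]
}

# Export a local-only reference configuration. REF_CACHE lets htslib reuse
# sequences already on disk; REF_PATH becomes the only place it looks for
# anything missing (%s is replaced by the sequence MD5). Returns 1 if the
# directory does not exist or the resulting REF_PATH would be unsafe.
pin_local_refs() {
    ref_dir="$1"
    [ -d "$ref_dir" ] || return 1
    export REF_CACHE="$ref_dir/cache/%2s/%2s/%s"
    export REF_PATH="$ref_dir/%s"
    check_ref_path "$REF_PATH"
}

# Usage sketch (placeholders, not real release values):
#   verify_sha256 samtools-X.Y.tar.bz2 "<digest from a trusted source>" \
#       || { echo "checksum mismatch, refusing to build" >&2; exit 1; }
#   tar xjf samtools-X.Y.tar.bz2 && (cd samtools-X.Y && ./configure && make)
#   pin_local_refs /data/genomics/refs || exit 1
#   samtools view -T /data/genomics/refs/GRCh38.fa sample.cram | head
```

The `case` test looks for `://` anywhere in the value rather than splitting on `:`, because REF_PATH is a colon-separated list in which URL entries themselves contain a colon; htslib keeps such entries intact, so a per-element split would miss them. Checking a downloaded tarball against a digest that came over the same channel proves nothing; the digest must come from a separate trusted source (a signed release page, a package manager's verified metadata) for the check to carry weight.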

VirusTotal

VirusTotal findings are pending for this skill version.
