Template SDS Generator

Security checks across malware telemetry and agentic risk

Overview

This SDS generator appears purpose-built, but it needs review because OCR can retain extracted document text in an under-disclosed local cache.

Install only if you are comfortable running a local Python document tool that creates a virtualenv, installs dependencies, invokes local OCR/PDF tools, and writes audit artifacts. For sensitive SDS/MSDS files, avoid --enable-ocr unless you are prepared to manage or delete the .cache/ocr directory, and replace config/fixed_company.yml with approved supplier and emergency-contact details before relying on generated output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises shell execution, file read/write, and environment access but does not declare permissions, which reduces transparency and bypasses normal user trust cues about what the skill can do. In this specific skill, those capabilities are used for bootstrapping a virtual environment, installing dependencies, generating files, and invoking external tools, so the risk is real even if the behavior appears functional rather than overtly malicious.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill states that it is self-bootstrapping and will create a .venv and install dependencies on first use, but the description does not prominently warn users before invocation. Automatic dependency installation expands the attack surface through package supply chain risk and causes side effects on the host filesystem/network that a user may not expect from the top-level description.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code persists full OCR output, including extracted text and line-level content, to a long-lived cache on disk without any consent, retention control, or sensitivity checks. In this SDS/MSDS workflow, uploaded source documents may contain proprietary formulations, supplier details, or regulated safety data, so silent persistence can expose sensitive content to other local users, backups, or later processes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code can send page content from user-supplied PDFs to an OCR backend via run_ocr_for_pages when enable_ocr is set, but this file shows no inline consent gate, disclosure, or restriction that the backend must be local-only. SDS/MSDS documents may contain proprietary formulations, supplier details, or regulated safety information, so silent transmission to a remote OCR service creates a real confidentiality and compliance risk.

VirusTotal

52/52 vendors flagged this skill as clean.
