Security audit

Community Data Process

Security checks across malware telemetry and agentic risk

Overview

This is a local spreadsheet automation skill that matches its stated BI data-cleaning purpose, with practical data-handling cautions but no evidence of hidden exfiltration or destructive behavior.

Install only if you want the skill to read matching customer and BI Excel files from Downloads and create updated output files there. Keep only the intended source workbook in Downloads, review the generated BI upload before using it, and be aware that rerunning the merge can duplicate records because the workflow is append-only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation exposes file read, file write, and shell execution capabilities via direct Python command examples, but it declares no permissions or trust boundaries. This creates an unsafe transparency gap: users and platforms cannot accurately assess that the skill can read local files, generate modified spreadsheets, and invoke executable code.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow description states that the process cleans, audits, and incrementally merges data into a BI upload table, explicitly noting that it does not deduplicate, yet it provides no warning that repeated or automated runs can append duplicate business records. In a BI/data pipeline context, silent append behavior can corrupt reporting outputs and downstream decisions even without classic code exploitation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The step-by-step execution commands allow users to run clean, audit, merge, and full pipeline modes directly, but they omit any warning that the merge and full-run commands write updated BI output files that may affect business data. Because the skill is scheduled to run automatically and uses incremental append semantics, accidental manual execution can produce duplicate or unintended updates.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes derived Excel output files directly into the user's Downloads folder without confirmation, dry-run support, or overwrite safeguards. In an automation context that runs daily, this can unintentionally create or replace files in a sensitive user-controlled directory, leading to data confusion, accidental overwrite, or use of the wrong workbook in downstream business processes.

Missing User Warnings

High
Confidence
94% confidence
Finding
The script appends business data into a BI workbook and writes an updated workbook without any confirmation, idempotency check, duplicate detection, or backup. In this skill's context—scheduled daily processing of business reporting data—an incorrect source selection or rerun can silently produce duplicated or corrupted reporting inputs, materially affecting operational metrics.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The script writes a hidden status file in Downloads containing execution metadata and business counts without disclosing this side effect up front. While not severe, it creates an unexpected artifact in a broadly accessible user directory and may expose business process details to other local users or tools that monitor that folder.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The code prepares notification content containing execution time and business metrics and writes it to disk for possible external notification, but this side effect is not clearly disclosed. Even though this file does not actually send data out, staging notification-ready content increases the risk of unintended disclosure if another process consumes the file or if operators assume no notification artifacts are produced.

VirusTotal

66/66 vendors flagged this skill as clean.