Data Analysis

Security checks across malware telemetry and agentic risk

Overview

This CSV analysis skill is mostly coherent, but it automatically installs Python packages and writes analysis outputs without a clear consent gate.

Install only if you are comfortable with the agent modifying the Python environment and saving cleaned copies of datasets and reports to disk. Prefer running it in a sandbox, or preinstall the dependencies yourself (pinned to known versions) so the skill never needs to call pip. For sensitive CSVs, choose Markdown output: an HTML report that loads scripts from a third-party CDN is not self-contained, and opening it in a browser both fetches those resources over the network and executes whatever the CDN currently serves.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability (High severity, 97% confidence)

Finding: The skill explicitly instructs the agent to install missing Python packages via pip at runtime. That turns a passive CSV-analysis skill into one that executes code and modifies the environment: the install needs network access, resolves package names against a public index (so an unpinned or mistyped name can pull in an unexpected package, the dependency-confusion/supply-chain risk), and leaves persistent changes on the host, all without explicit user approval.

Vague Triggers (Medium severity, 82% confidence)

Finding: The trigger conditions are very broad and overlap with many ordinary data-related requests, so the skill is likely to be invoked when the user did not intend a file-processing workflow. Accidental invocation matters here because the workflow creates files, generates HTML, and attempts package installation; overbroad activation therefore widens the exposure to all of those side effects.

Missing User Warnings (Medium severity, 90% confidence)

Finding: The skill instructs the agent to create output directories and save cleaned data and reports to disk without an upfront warning or consent gate. Writing files can leak sensitive transformed data, change the workspace in ways the user did not expect, and leave persistent artifacts that may contain confidential information.

Missing User Warnings (Medium severity, 98% confidence)

Finding: Directing automatic package installation via pip without a clear warning or consent step is dangerous because it modifies the system and may fetch code from external repositories. That creates both unauthorized side effects and supply-chain exposure, especially when package names are unpinned or the environment is shared with other tools.
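The four findings above all come down to directives in the skill's instruction text that cause side effects (runtime pip installs, file writes, HTML that loads external scripts, environment reads) plus trigger wording too generic to scope the skill. The following is an added example, not SkillSpector's code or the scanned skill's text: a small linter that walks a constructed SKILL.md-style document and flags those classes of directive, distinguishes pinned from unpinned package names, and reports whether a consent gate is warranted. The sample skill text, the pattern names, and the regular expressions are all assumptions made for illustration.

```python
"""Lint a skill's instruction text for side-effecting directives and vague triggers."""
import re
from dataclasses import dataclass

# Constructed sample skill text for illustration; not the text of the scanned skill.
SAMPLE_SKILL = """\
# CSV Analysis
## Triggers
Use this skill whenever the user mentions data, a table, or a file.
Use this skill when the user uploads a .csv and asks for summary statistics.
## Steps
1. If pandas is missing, run: pip install pandas matplotlib==3.9.2
2. Create the output folder: os.makedirs("outputs", exist_ok=True)
3. Save the cleaned frame: df.to_csv("outputs/cleaned.csv")
4. Write report.html containing <script src="https://cdn.example.net/plotly.min.js"></script>
5. Read the API key from os.environ["ANALYTICS_TOKEN"] if present.
"""


@dataclass(frozen=True)
class Finding:
    pattern: str   # hypothetical category names, loosely following the report's patterns
    line_no: int
    detail: str


PIP_RE = re.compile(r"\bpip3?\s+install\s+(.+)$")
PINNED_RE = re.compile(r"^[A-Za-z0-9_.\-]+(\[[^\]]*\])?==[0-9][\w.]*$")  # name==1.2.3
WRITE_RE = re.compile(r"\b(to_csv|to_html|to_excel|os\.makedirs|shutil\.copy)\b|open\([^)]*['\"]w")
SCRIPT_SRC_RE = re.compile(r"<script[^>]+src=[\"'](https?://[^\"'/]+)", re.I)
ENV_RE = re.compile(r"\bos\.environ\b|\bos\.getenv\b|\$\{?[A-Z][A-Z0-9_]{2,}\}?")
HEADING_RE = re.compile(r"^\s*#+\s*(.*)$")
GENERIC_TRIGGER = re.compile(r"\b(data|file|table|whenever|anything|any)\b", re.I)
SPECIFIC_TRIGGER = re.compile(r"\.(csv|tsv|xlsx)\b|\bcsv\b", re.I)
# Patterns that change the host or reach the network and so deserve an explicit consent gate.
SIDE_EFFECTS = {"runtime_package_install", "file_write", "external_script"}


def scan_skill(text: str) -> list[Finding]:
    """Walk the skill text line by line and record side-effecting directives."""
    findings: list[Finding] = []
    in_triggers = False
    for line_no, line in enumerate(text.splitlines(), start=1):
        heading = HEADING_RE.match(line)
        if heading:
            in_triggers = "trigger" in heading.group(1).lower()
            continue
        # A trigger built from generic words with no concrete format is overbroad.
        if in_triggers and GENERIC_TRIGGER.search(line) and not SPECIFIC_TRIGGER.search(line):
            findings.append(Finding("vague_trigger", line_no, line.strip()))
        pip = PIP_RE.search(line)
        if pip:
            for pkg in pip.group(1).split():
                if pkg.startswith("-"):
                    continue  # a pip option such as --upgrade, not a package
                state = "pinned" if PINNED_RE.match(pkg) else "unpinned"
                findings.append(Finding("runtime_package_install", line_no, f"{pkg} ({state})"))
        write = WRITE_RE.search(line)
        if write:
            findings.append(Finding("file_write", line_no, write.group(0)))
        script = SCRIPT_SRC_RE.search(line)
        if script:
            findings.append(Finding("external_script", line_no, script.group(1)))
        env = ENV_RE.search(line)
        if env:
            findings.append(Finding("env_access", line_no, env.group(0)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per pattern."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.pattern] = counts.get(f.pattern, 0) + 1
    return counts


def unpinned_packages(findings: list[Finding]) -> list[str]:
    """Names the skill would install without a version pin."""
    return [f.detail.split()[0] for f in findings
            if f.pattern == "runtime_package_install" and "(unpinned)" in f.detail]


def needs_consent_gate(findings: list[Finding]) -> bool:
    """True when any finding modifies the host or pulls in external code."""
    return any(f.pattern in SIDE_EFFECTS for f in findings)


if __name__ == "__main__":
    results = scan_skill(SAMPLE_SKILL)
    for f in results:
        print(f"line {f.line_no:>2}  {f.pattern:<24} {f.detail}")
    print("summary:", summarize(results))
    print("unpinned:", unpinned_packages(results))
    print("consent gate needed:", needs_consent_gate(results))
```

On the constructed sample this reports one vague trigger, two package installs (one unpinned), two file writes, one external script source and one environment read, and recommends a consent gate. Running it over a real skill file before installation gives you the same class of signal the report above summarizes, without trusting the marketplace scan alone.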

VirusTotal

0 of 66 VirusTotal vendors flagged this skill; all 66 reported it clean. This is a static scan of the skill's own files: it says nothing about packages pip would fetch at runtime or about scripts an HTML report would load from a CDN, which is where the findings above place the risk.

View on VirusTotal