ClawHub

langgraph-for-agents

Security checks across malware telemetry and agentic risk

Overview

This is a coherent LangGraph/LangChain reference skill whose examples may call external AI, search, or web services when run, but the artifacts do not show hidden execution or malicious behavior.

Install only if you are comfortable with reference code that may contact external LLM, search, or web services when run. Do not use secrets, regulated data, private profiles, or confidential business prompts in these examples without adding consent, redaction, provider review, and data-handling controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code forwards user-supplied prompt content into an external search service through the tool call flow without any disclosure, consent, or data-handling boundary. In an agent skill context, this is more dangerous because prompts may contain sensitive user, enterprise, or task data that gets transmitted to third-party services unexpectedly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow retrieves stored user memories and injects them directly into the system prompt sent to the LLM, with no consent, minimization, or filtering. In an agent skill context, this can expose persisted personal or sensitive data to the model and any downstream logging or third-party provider handling the prompt.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The workflow sends user persona data and generated conversation content to an external LLM without any privacy notice, consent handling, minimization, or safeguards around potentially sensitive profile attributes. Because this skill is specifically about building agent workflows and includes persona extraction and evaluation, it normalizes processing behavioral/profile data in a way that could expose personal or inferred sensitive information to a model provider or logs.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code sends raw user queries to external LLM providers through `llm_judge.invoke`, `llm_thinking.invoke`, and `llm_non_thinking.invoke` without any visible notice, consent flow, or data-minimization step. In an agent-building skill, users may pass sensitive prompts, so undisclosed third-party transmission creates a real privacy and compliance risk even if it is common LLM usage rather than malicious exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal