ClawHub

Csv Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a local CSV analysis helper with one constrained unsafe coding pattern, but no evidence of hidden access, exfiltration, or persistence.

Install only if you need a lightweight local CSV CLI. Treat the Excel and natural-language claims as overstated, and avoid relying on this for sensitive or critical analysis until the eval-based filter is replaced with a safer explicit comparison implementation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

eval() call detected

High
Category
Dangerous Code Execution
Content
def matches(row_val):
        if is_numeric(row_val) and is_numeric(val):
            a, b = float(row_val), float(val)
            return eval(f"a {op} b")
        else:
            if op == "==": return row_val.strip() == val
            if op == "!=": return row_val.strip() != val
Confidence
98% confidence
Finding
return eval(f"a {op} b")

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal