ClawHub

Protein-Ligand Docking

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed scientific docking workflow that runs local analysis tools and writes result files, with no evidence of hidden or destructive behavior.

Install only if you are comfortable running local scientific tools such as OpenBabel and AutoDock Vina. Use trusted executable paths, keep the work in a dedicated project directory, review generated reports before relying on them, and avoid sending confidential protein, ligand, or project data to external services such as UniProt, RCSB, or Google Colab unless that sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]

    print(f"\nRunning Vina...")
    result = subprocess.run(cmd, capture_output=True, text=True, cwd=output_dir)
    output = result.stdout + result.stderr
    print(output[-2000:])
Confidence
72% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, cwd=output_dir)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill directs the agent to save files and run local scripts, and explicitly references shell-capable tooling such as AutoDock Vina, but it declares no permissions. That mismatch is a real security issue because it obscures the skill's operational capabilities, prevents proper consent and policy enforcement, and can enable unexpected filesystem or command execution in environments that rely on declared permissions for isolation.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal