ClawHub
Back to skill

Security audit

SPSS Data Cleaning Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Chinese-language SPSS data-cleaning assistant that works on user-provided datasets and does not show hidden access, persistence, or unrelated behavior.

Use this on a copy of the original dataset, review the proposed cleaning plan before approving changes, and be careful with sensitive personal or research data. Install the suggested Python packages in an isolated environment, and use the skill only if Chinese-language prompts and reports are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly performs destructive data-cleaning actions such as deleting samples or variables, recoding values, and converting types, but it does not warn users up front that uploaded data may be modified or reduced. In a data-processing skill, this omission can cause users to approve or rely on transformations without understanding that original information may be lost, leading to integrity and reproducibility problems.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The description is written as Chinese-only behavior and does not state that users can choose another language or that the restriction is intentional. This can cause users to misunderstand cleaning recommendations, confirmation prompts, or reports, which is particularly risky in a workflow that can delete records or change variable encodings.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.