ClawHub

代码自动运行和修复

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can run and re-run Python, C, and assembly code on the user’s machine without sandboxing or approval gates.

Install only if you intend to run code locally through this skill. Use it in a disposable sandbox, VM, or container, and do not submit secrets, private keys, proprietary code, or untrusted code unless local execution and LLM processing are acceptable. Review repaired code before allowing it to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def safe_run(cmd, timeout=10):
    try:
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
Confidence
79% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=timeout, shell=False )

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill exposes tools that execute arbitrary user-supplied Python, C, and assembly code, including compiling and running native binaries. In the absence of strict isolation, this is full remote code execution on the machine hosting the skill, with potential for data theft, persistence, lateral movement, and host compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly supports automatic execution of Python, C, and assembly code and automatic modification of user-supplied code, but it provides no warning about the security risks of executing untrusted code or silently altering code semantics. In this context, the omission is dangerous because users may submit arbitrary code expecting debugging help, while the skill can run highly dangerous payloads and return modified code that introduces persistence, exfiltration, or unsafe system behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill sends user code and error content to an external LLM service without any visible disclosure or consent. That creates a confidentiality risk because proprietary source code, credentials embedded in code, or sensitive error traces may be transmitted to a third party unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This tool executes user-provided Python code with no visible warning, consent boundary, or safety guardrails. Given the skill context, that means any caller can trigger arbitrary interpreter execution on the host, which is substantially more dangerous than a normal subprocess invocation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill compiles and runs user-provided C code, producing native executables that run directly on the host. Native code execution is especially dangerous because it bypasses interpreter-level constraints and can perform arbitrary syscalls, interact with the filesystem, and attack the environment directly.

Missing User Warnings

High
Confidence
99% confidence
Finding
The assembly tool assembles, links, and executes attacker-controlled machine code. In context, this is effectively unrestricted native code execution with maximal control over process behavior, making host compromise highly likely if exposed to untrusted users.

Ssd 1

High
Confidence
89% confidence
Finding
User-controlled code and error text are embedded directly into the repair prompt sent to the LLM, so an attacker can place prompt-injection instructions inside code comments or crafted error messages. That can manipulate the model into returning harmful, misleading, or policy-bypassing output, which is especially risky because the returned code is then re-executed automatically.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal