
Security audit

Paper To Table

Security checks across malware telemetry and agentic risk

Overview

This skill appears designed for legitimate paper-to-table extraction, but its batch logging can save excerpts of paper text locally without making that retention clear to users.

Review before installing if you will process confidential, unpublished, copyrighted, or sensitive papers. The main issue is local retention: batch runs can save excerpts of paper text in JSON logs, so choose the output folder carefully and delete logs when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill description uses broad trigger phrases such as general requests to extract papers to tables or organize literature, which can cause the skill to activate in contexts the user did not intend. Over-broad activation can route unrelated documents or prompts into this workflow, increasing the chance of unintended file processing, privacy issues, or incorrect task execution.

Missing User Warnings

Medium
Confidence: 92%
Finding
The batch result intentionally stores a preview of extracted paper text in `result['llm_input']['paper_text']`, and the full `results` structure is then serialized to the JSON log file after each paper. This can persist potentially sensitive or copyrighted source content to disk without minimization, consent, access controls, or redaction, increasing the risk of unintended data exposure through local file access, backups, or log collection systems.

VirusTotal

66/66 vendors flagged this skill as clean.
