Word 打字机演示 (Word Typewriter Demo)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches a Word automation demo, but it includes unsafe document-handling behavior and demo workflows that could expose local files or email contents without clear safeguards.

Review this skill carefully before installing. Use it only in a controlled demo environment, with temporary Word documents and non-sensitive content. Do not run the bundled file/email workflow examples as-is, and avoid granting broad drive, email, messaging, or account access unless the workflow is redesigned with explicit confirmation, recipient checks, and data-sensitivity review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill documentation indicates it reads a user-supplied content file via the `--file` argument, but no permissions are declared. This creates a transparency and consent problem: users and hosting platforms may not realize the skill accesses local files, which can lead to unintended disclosure of sensitive document contents if the agent is allowed to run with broad filesystem access.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The script iterates over unsaved documents and may close them, and it may also reuse an existing unsaved document by deleting its content before writing demo text. Even though it launches a separate Word instance, the code still performs destructive actions on documents it did not explicitly create for this run, which can cause silent user data loss.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding: The comment states the script avoids affecting existing user windows by creating an isolated instance, but the subsequent logic still enumerates and modifies documents within that instance, including clearing reused unsaved documents. This mismatch increases operator trust while the code retains destructive behavior, making accidental data loss more likely.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill description explains Word automation features but does not clearly warn that it will write into an open Word/WPS document and may save output to disk. This can affect user files, create or overwrite documents, and surprise users in environments where Office automation has access to important local documents.

Missing User Warnings

Severity: High
Confidence: 95%
Finding: This workflow instructs the agent to read emails, aggregate departmental content, write reports to disk, and send results by email, but it includes no privacy notice, data-classification check, recipient verification, or user confirmation. That creates a clear risk of unauthorized access, processing, and exfiltration of sensitive business information, especially because the scenario is framed as a routine automated task.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The scenario tells the assistant to search all computer drives for a requested file and send it back, with no warning, authorization check, path restriction, or confirmation of data sensitivity. In practice, this could expose confidential, personal, or regulated files through simple chat prompts and turns normal messaging channels into a data-exfiltration path.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The script auto-saves a generated document to disk, including deriving a filename on the Desktop when none is provided, without an upfront consent or warning. Unexpected file creation or modification is security-relevant because it changes the user's filesystem state and may conflict with the user's expectations about where content is stored.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The code deletes the contents of an existing unsaved document when reusing it, without warning or confirmation. This is directly dangerous because unsaved content may represent the user's only copy, and the deletion occurs silently as part of normal execution.

VirusTotal

VirusTotal findings are pending for this skill version.
