Security audit

DocGenius

Security checks across malware telemetry and agentic risk

Overview

DocGenius mostly behaves like a paid document-template generator, but it verifies payment tokens through an unsecured raw-IP HTTP gateway.

Review before installing. The skill appears to generate document prompts only after payment, but your payment transaction token would be sent to a raw-IP HTTP server where it could be observed or altered on the network. Use only if you trust the publisher and gateway, and prefer an HTTPS-configured gateway before submitting any payment token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill sends the user-supplied payment token and skill identifier to an external server for verification, but the tool UX does not clearly disclose that the token will be transmitted off-platform to a third party. Because the configured default gateway is plain HTTP, this disclosure issue is compounded by network interception risk: a payment token may be exposed to the gateway operator or anyone able to observe traffic, enabling tracking, replay, or fraudulent verification abuse.

Missing User Warnings

High
Confidence: 99%
Finding
The default payment gateway uses plain HTTP, so payment verification traffic is sent without transport encryption. An attacker on the network path can read or tamper with the token and server response, potentially causing token theft, false payment validation results, or user tracking.

Vague Triggers

Medium
Confidence: 89%
Finding
The manifest description is extremely broad and markets the skill as a general-purpose professional document generator without defining clear task boundaries, activation criteria, or safety constraints. In agent ecosystems, vague scope can cause over-invocation, unintended handling of sensitive business/legal content, or user confusion about when the skill should be trusted for contracts and proposals.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The manifest hardcodes pricing in Chinese yuan and references Alipay and a payment gateway without offering alternatives or explaining a legitimate regional limitation. This can pressure users into a specific payment ecosystem, create fairness and transparency issues, and increase phishing or trust concerns when paired with an external gateway URL.

VirusTotal

60/60 vendors flagged this plugin as clean.
