Abstract Summarizer

Security checks across malware telemetry and agentic risk

Overview

The skill is a straightforward academic abstract summarizer; the two points that need care are its URL fetching and its unpinned dependencies.

Prefer local files or pasted text for sensitive or embargoed research. If using URL mode, pass only URLs of papers on hosts you intend the skill to contact, and consider running it in an environment with outbound network limits (egress allowlist or no network at all). Pin and review dependency versions before installing, especially for PDF parsing: PyPDF2 is no longer maintained and has been continued as pypdf, so check current advisories against pypdf and pin that package rather than PyPDF2.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 70%
Finding:
The skill advertises a `--url` parameter and URL-based input but does not document any restrictions, validation, or safeguards around outbound requests. If implemented naively, arbitrary URL fetching can introduce SSRF-style risk, internal network access, or unintended metadata leakage, which is more dangerous than ordinary local summarization behavior.

Description-Behavior Mismatch

Severity: Medium
Confidence: 85%
Finding:
The script accepts a user-supplied URL and fetches arbitrary remote content with `requests.get`, which expands the skill's capabilities beyond local summarization into unrestricted network access. In agent or hosted environments this can enable SSRF-style access to internal services, cloud metadata endpoints, or other unintended network targets, especially because there is no allowlist, scheme restriction, or destination validation. Note also that `requests.get` follows redirects by default, so a check applied only to the URL the user supplied can be bypassed by a redirect from an allowed host to an internal one.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
Arbitrary URL retrieval is a real security concern here because the skill's stated function is summarizing academic papers, yet the implementation can be used as a general-purpose network fetcher. That mismatch makes the feature more dangerous in agent contexts: a caller may unintentionally grant the skill outbound network reach that can be abused to access sensitive internal resources or retrieve non-paper content for downstream processing.
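The three findings above describe the same gap: the skill fetches whatever URL it is given, with no scheme, destination or redirect policy. The following is an added example of what such a policy looks like in Python; it is not the Abstract Summarizer's own code. It assumes the skill fetches PDFs with `requests`, and the hostname table `FAKE_DNS`, the `fetch_pdf` function and the User-Agent string are constructed for illustration. The resolver is injectable so the policy itself runs and can be exercised without network access.

```python
"""Guarded outbound fetching for a paper-summarizer skill.

Added example, not the Abstract Summarizer's own code. Assumed: the skill
fetches PDFs with `requests` and should reach only public http(s) origins,
carry no URL credentials, re-validate every redirect hop and cap the body.
"""
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_BYTES = 20 * 1024 * 1024   # refuse bodies larger than 20 MiB
MAX_REDIRECTS = 3
TIMEOUT = (5, 30)              # connect, read (seconds)

# Constructed DNS table so the policy can be exercised offline; the answers
# are placeholders, not real records for these names.
FAKE_DNS = {
    "arxiv.org": {"8.8.8.8", "1.1.1.1"},
    "localhost": {"127.0.0.1"},
    "internal.corp": {"10.0.0.5"},
    "split.example": {"8.8.8.8", "127.0.0.1"},   # one public, one internal answer
}


class UnsafeURL(ValueError):
    """Raised when a URL fails the outbound policy."""


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (which covers the 169.254.169.254
    cloud metadata endpoint), multicast, reserved and unspecified ranges.
    IPv4-mapped IPv6 is unwrapped so ::ffff:127.0.0.1 is judged as 127.0.0.1.
    """
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def default_resolver(host: str) -> set[str]:
    """Real DNS: every A/AAAA answer for the name."""
    return {i[4][0] for i in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)}


def fake_resolver(host: str) -> set[str]:
    """Offline stand-in for default_resolver backed by the constructed table."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host!r}")
    return FAKE_DNS[host]


def validate_url(url: str, resolver=default_resolver) -> str:
    """Return `url` if it may be fetched under the policy, else raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        addrs = {str(ipaddress.ip_address(host))}    # bare IP literal
    except ValueError:
        try:
            addrs = resolver(host)
        except socket.gaierror as exc:
            raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    # Every answer must be public: a name resolving to one public and one
    # internal address would otherwise let the server pick which one is used.
    bad = sorted(a for a in addrs if not is_public_ip(a))
    if bad or not addrs:
        raise UnsafeURL(f"{host!r} resolves to non-public address(es): {bad}")
    return url


def is_allowed(url: str, resolver=default_resolver) -> bool:
    """Boolean form of validate_url for callers that want to branch."""
    try:
        validate_url(url, resolver)
    except UnsafeURL:
        return False
    return True


def fetch_pdf(url: str, resolver=default_resolver) -> bytes:
    """Fetch a PDF: every redirect hop is re-validated, .netrc and proxy
    environment are ignored (trust_env=False), and the body is size-capped."""
    import requests  # imported here so the policy above works without it

    session = requests.Session()
    session.trust_env = False   # no ~/.netrc credentials, no *_proxy env
    session.headers["User-Agent"] = "abstract-summarizer-example/0.1"
    for _ in range(MAX_REDIRECTS + 1):
        validate_url(url, resolver)
        # Caveat: requests resolves the name again when it connects, so a DNS
        # rebind between check and connect is still possible; pinning the
        # checked IP (custom adapter or egress proxy) closes that gap.
        with session.get(url, stream=True, timeout=TIMEOUT, allow_redirects=False) as resp:
            if resp.is_redirect:
                url = requests.compat.urljoin(url, resp.headers["Location"])
                continue
            resp.raise_for_status()
            ctype = resp.headers.get("Content-Type", "").split(";")[0].strip().lower()
            if ctype != "application/pdf":
                raise UnsafeURL(f"unexpected content type {ctype!r}")
            body = bytearray()
            for chunk in resp.iter_content(64 * 1024):
                body.extend(chunk)
                if len(body) > MAX_BYTES:
                    raise UnsafeURL("response exceeds size limit")
            return bytes(body)
    raise UnsafeURL("too many redirects")
```

With the constructed table, `is_allowed("http://internal.corp/report.pdf", fake_resolver)` and `is_allowed("http://169.254.169.254/latest/meta-data/", fake_resolver)` are both false, while `is_allowed("https://arxiv.org/pdf/2101.00001.pdf", fake_resolver)` is true. The `split.example` entry shows why all resolved addresses are checked rather than the first one. Two of the `requests` advisories listed further down this page are about credential handling (`.netrc`) and TLS verification state on a reused `Session`; `trust_env = False` addresses the first class, and the second is a reason to keep `verify` at its default and never pass `verify=False` on a shared session.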

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The README documents URL fetching without warning that remote requests expose network metadata such as IP address, user agent, and access timing to external servers. In research or enterprise contexts, even the act of retrieving a paper can leak sensitive interests, internal usage patterns, or target URLs, so omission of this warning creates a real privacy/security weakness.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: pypdf2, requests
Confidence: 95%
Finding: pypdf2

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: pypdf2, requests
Confidence: 94%
Finding: requests

Known Vulnerable Dependency: pypdf2 — 5 advisory(ies): CVE-2023-36464 (pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a chara); CVE-2023-36807 (PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects); CVE-2023-36810 (PyPDF2 quadratic runtime with malformed PDF missing xref marker) +2 more

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: pypdf2

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 97%
Finding: requests
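The four supply-chain findings above (two unpinned dependencies, two with known advisories) come down to one check a reviewer can run before installing: does every entry in the skill's requirements pin an exact version, and does it carry a `--hash` so `pip install --require-hashes` refuses a substituted artifact? The following is an added example of that check, not the skill's or SkillSpector's code. The `SAMPLE` requirements text is constructed to mirror the findings on this page, and its `sha256` digests are placeholders (all zeros, ones, twos), not real package hashes.

```python
"""Flag unpinned or unhashed entries in a requirements.txt.

Added example, not the skill's or SkillSpector's code. Input is the text of
a requirements file; SAMPLE below is constructed, with placeholder digests,
to mirror the "pypdf2 / requests" findings on this page.
"""
from __future__ import annotations

import re

HASH_RE = re.compile(r"--hash=([A-Za-z0-9_]+):([0-9a-fA-F]+)")
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")

SAMPLE = (
    "# constructed: what the scanned skill's dependency list looks like\n"
    "pypdf2\n"
    "requests>=2.31\n"
    "urllib3==2.*                 # wildcard pin still floats\n"
    "idna==3.7 --hash=sha256:" + "0" * 64 + "\n"            # placeholder digest
    "certifi==2024.7.4 \\\n"
    "    --hash=sha256:" + "1" * 64 + " \\\n"               # placeholder digests
    "    --hash=sha256:" + "2" * 64 + "\n"
)


def normalize(name: str) -> str:
    """PEP 503 name normalisation so PyPDF2 and pypdf2 compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_exact_pin(spec: str) -> bool:
    """True if some clause pins one exact version (==X.Y.Z, no wildcard)."""
    for clause in spec.split(","):
        clause = clause.strip()
        if (clause.startswith("==") and not clause.startswith("===")
                and "*" not in clause and len(clause) > 2):
            return True
    return False


def parse_requirements(text: str) -> list[dict]:
    """Parse requirement lines into {name, spec, pinned, hashes} records.

    Handles backslash continuations, comments, environment markers and
    --hash options; skips pip options (-r, --index-url) and direct URL/VCS
    references, which need their own policy.
    """
    logical = re.sub(r"\\\s*\n", " ", text)      # join continuation lines
    entries = []
    for raw in logical.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-") or "://" in line:
            continue
        hashes = [digest for _algo, digest in HASH_RE.findall(line)]
        line = HASH_RE.sub("", line).split(";", 1)[0].strip()
        m = NAME_RE.match(line)
        if not m:
            continue
        name, _extras, spec = m.groups()
        spec = spec.strip()
        entries.append({"name": normalize(name), "spec": spec,
                        "pinned": is_exact_pin(spec), "hashes": hashes})
    return entries


def audit(text: str) -> dict[str, list[str]]:
    """Map each problematic package to the policy violations it has."""
    problems = {}
    for e in parse_requirements(text):
        issues = []
        if not e["pinned"]:
            issues.append("not pinned to an exact version (use ==X.Y.Z)")
        if not e["hashes"]:
            issues.append("no --hash; pip install --require-hashes would refuse it")
        if issues:
            problems[e["name"]] = issues
    return problems


if __name__ == "__main__":
    for pkg, issues in audit(SAMPLE).items():
        print(f"{pkg}: {'; '.join(issues)}")
```

On the constructed sample, `audit(SAMPLE)` reports `pypdf2`, `requests` and `urllib3` and passes `idna` and `certifi`, which is the shape of the scanner's "Unpinned Dependencies" findings. Pinning alone does not address the known-vulnerable findings: after choosing a version, check it against the advisories (for PyPDF2 that means looking at pypdf, its maintained successor) and regenerate the hashes, for example with `pip-compile --generate-hashes`.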

VirusTotal

0 of 66 VirusTotal engines flagged this skill (66/66 clean). This covers the packaged skill files as submitted; it says nothing about the dependencies pulled in at install time or about what a fetched URL returns.
