All Documents QA

Security checks across malware telemetry and agentic risk

Overview

This skill reads user-selected documents to prepare question-answering context, with no evidence of hidden network access, credential use, persistence, or destructive behavior.

Install only if you are comfortable with the contents of selected documents being shown to the agent and potentially captured in terminal logs. Prefer single files or tightly scoped folders, avoid mixed confidential directories, and verify the separate PDF-reader skill and Python dependencies before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The code processes .xlsx files even though the skill metadata says it supports only PDF, DOCX, and TXT. This hidden capability expands the data-access surface beyond user expectations, which is a security issue in agent skills because users may unknowingly expose spreadsheet contents, including sensitive structured data.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
The skill delegates processing to multiple external scripts, including a sibling skill, creating a trust boundary that is not surfaced in the metadata. In a skill ecosystem, invoking code outside the current skill can increase attack surface and make behavior depend on external components that may change or be compromised.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill encourages users to provide a file or folder path and states that all relevant text will be extracted and presented as context, but it does not clearly warn that this may ingest and expose sensitive contents from every supported document in the selected path. In a document-QA context, folder-level processing materially increases risk because users may unintentionally include confidential reports, HR files, financial spreadsheets, or other sensitive documents in the extracted context.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The function recursively processes all supported files in a user-supplied folder and aggregates their contents without any in-code confirmation, filtering, or warning about the scope of data access. In this skill context, that increases the chance of accidental over-collection of sensitive documents because folder processing can sweep in more content than the user intended to share.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The script prints the full extracted document contents to stdout, which can expose sensitive information from uploaded files into terminal history, logs, orchestration systems, or other downstream consumers. In a document-QA skill, uploaded documents are likely to contain confidential business or personal data, so this behavior materially increases data leakage risk.

VirusTotal

65/65 vendors flagged this skill as clean.