Document Organization Skill (convert-markdown)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed document-to-Markdown conversion skill; its file access and optional media/URL features fit that purpose, though users should handle sensitive documents carefully.

Install in a virtual environment, use narrow input and output folders, and review generated Markdown/catalog files before sharing them. Avoid processing sensitive documents, images with GPS metadata, or remote URLs unless you are comfortable with the optional tools and network behavior involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation instructs users to run shell commands and write converted output files, but the skill declares no permissions. This creates a transparency and governance gap: an agent or user may authorize or execute file-writing and shell-capable behavior without an explicit permission model, making misuse or unexpected side effects harder to assess.

Context-Inappropriate Capability

Medium
Confidence
75% confidence
Finding
Documenting YouTube download/URL handling introduces network retrieval capability that is materially different from offline document conversion. In an agent setting, this can expand the attack surface to remote content fetching, unexpected data egress, licensing/compliance issues, or SSRF-like misuse if arbitrary URLs are later supported through similar workflows.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The API reference exposes a `YoutubeConverter` that accepts remote URLs, which expands the skill from local document/file conversion into network retrieval and external content processing. In an agent context, this can cause unintended outbound network access, fetch untrusted remote content, and bypass user expectations or manifest-level scope restrictions for a document-conversion skill.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Documenting network-based YouTube conversion in a skill described as batch conversion of files introduces a hidden capability mismatch. In practice this can let an agent perform external requests and process attacker-controlled remote media/transcripts, increasing SSRF-like exposure, data egress risk, and surprise behavior beyond the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documentation explicitly advertises support for YouTube URLs, including downloading remote content and extracting subtitles/audio. That expands the skill from local document conversion into network-enabled retrieval and processing, which changes the trust boundary and can surprise users or operators who expect only offline file handling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises OCR, audio transcription, YouTube handling, and MCP/LLM integration without warning about potential privacy or network-transmission risks when processing sensitive files. Users may assume all processing is local, while some dependencies or integrations can involve remote downloads, model calls, or external services, leading to unintended disclosure of confidential content or metadata.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The file states that image processing extracts EXIF metadata including GPS coordinates, which may expose precise location and device information from user-supplied images. Without a privacy warning or minimization guidance, users may unknowingly process and surface sensitive metadata into downstream markdown outputs or logs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The YouTube section describes downloading videos and extracting subtitles/audio transcripts but does not disclose that this performs external network retrieval. That omission can lead to unexpected outbound requests, handling of untrusted remote media, and compliance or privacy issues in environments that assume local-only processing.

VirusTotal

65/65 vendors flagged this skill as clean.
