Paper Framework Figure Studio Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed research-figure workflow skill with no executable installer; the main cautions are language rigidity and sharing paper material with image-generation tools.

Reasonable to install as a workflow helper. Before using it with unpublished papers or proprietary reference images, make sure the image-generation provider you use is acceptable for that material. Expect a rigid multi-step process that defaults to several candidate images and may produce Chinese section labels unless you explicitly ask for another language.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The example turn is written entirely in Chinese and presents the workflow/state prompts in Chinese without indicating that language should be user-selectable or tied to a documented locale requirement. In a general-purpose research-figure skill, forcing one language can mislead users, reduce transparency of system state, and cause incorrect user approvals or workflow decisions when they cannot reliably read the guidance.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The example hard-codes Chinese-language interaction and suggested prompts without offering any user language selection or fallback. This can cause misrouting, user confusion, and exclusion of users who do not read Chinese, and in an agent setting it may push downstream behavior into an unintended language mode without explicit consent.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
The example content is entirely in Chinese and explicitly instructs the user to invoke the skill using Chinese prompts, without offering any language choice or documenting a locale-specific requirement. This can exclude users, cause misunderstanding of workflow constraints, and increase the chance that users approve actions or provide sensitive material without fully understanding the process.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The example output is written entirely in Chinese and instructs the interaction flow in Chinese without presenting any user-language choice or documenting a product requirement for a Chinese-only experience. In a general-purpose agent skill, this can cause user confusion, reduce informed consent around workflow steps, and create accessibility/usability failures that may lead users to approve actions or outputs they do not fully understand.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The starter messages are written only in Chinese and implicitly steer interaction into a single language without offering a language-selection path. This can exclude users, cause misunderstanding of important workflow or safety constraints, and make the skill behave inconsistently for users who cannot read or verify the prompts they are invoking.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The template hard-requires a Chinese-language footer in every TEXT_ONLY reply without any indication that the user's language preference should be honored. This can cause unwanted language switching, reduce clarity for non-Chinese-speaking users, and create accessibility/usability issues that may lead users to misunderstand workflow state or instructions.

Vague Triggers

Medium
Confidence: 89%
Finding
The instruction 'Use whatever the user provides' is overly permissive and lacks routing or validation boundaries, which can cause the skill to activate on arbitrary untrusted input rather than only on well-scoped figure-design requests. In an agent skill, this broad trigger/ingestion language increases the chance of prompt injection, misrouting, or unsafe handling of adversarial content supplied as paper text, captions, or image references.

VirusTotal

61/61 vendors flagged this skill as clean.