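content-batch-processor (Batch content-processing tool that supports batch operations such as text formatting, summary generation, keyword extraction, and file format conversion, improving the efficiency of content work.)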

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate batch content-processing skill, but it requests broad file-changing and command-execution authority without enough scoping or safety guidance.

Install only if you are comfortable granting broad local file-processing authority. Use it on copies or a dedicated output folder, avoid confidential documents unless you understand where content may be processed, and require explicit confirmation before overwrites, renames, batch edits, or any command execution.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium (94% confidence)

The skill is described as a batch content-processing tool, but its manifest includes the exec capability, which is not necessary for formatting, summarization, keyword extraction, or translation. Granting command execution to a broadly triggered skill creates an unnecessary path to arbitrary local command execution if the skill is invoked on attacker-controlled content or misused by the agent.

Missing User Warnings

Medium (90% confidence)

The skill includes examples that overwrite files in place and batch-rename files without any safety guidance, confirmation step, backup recommendation, or path restrictions. In an agent setting, this can lead to unintended destructive changes to user data at scale if the examples are followed or adapted directly, especially because the declared capabilities include both read and write operations.

Vague Triggers

Medium (90% confidence)

The trigger phrases are very broad and overlap with common requests such as text processing, formatting, and summarization, making accidental invocation more likely. In combination with elevated capabilities like write, edit, and exec, broad triggers increase the chance that the skill activates in contexts where the user did not intend to grant file modification or execution powers.

Missing User Warnings

Medium (96% confidence)

The manifest requests write, edit, and exec capabilities without any visible disclosure or warning to users, despite presenting itself as a productivity/content-processing tool. This mismatch can mislead users and downstream systems about the skill's real authority, increasing the risk of unauthorized file changes or command execution under the guise of benign text processing.

VirusTotal

65/65 vendors flagged this skill as clean.
