美光 Car Insurance PDF to Excel

Security checks across malware telemetry and agentic risk

Overview

This is a local car-insurance PDF-to-Excel extractor that handles sensitive personal data, but its main behavior is disclosed and no hidden networking, credential access, or automatic privileged execution was found.

Install only if you are authorized to process these insurance PDFs. Treat both the source PDFs and generated Excel workbook as sensitive records, store them in an access-controlled location, delete outputs when no longer needed, and review results for misattribution caused by filename fallback or same-car field completion. Do not run optimize_patch.py or optimize_v2.py unless you intentionally want to modify the local extractor code and have reviewed the changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium, 97% confidence
Finding
The script extracts highly sensitive personal data such as ID numbers and phone numbers, then propagates those values across records and outputs them to a consolidated Excel file. This increases privacy risk, expands the blast radius of a single bad extraction, and can expose or mis-associate regulated personal data at scale.

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The code derives personal data such as insured names and license plates from filenames, which are less trustworthy than document contents and may contain stale, manipulated, or externally injected values. This can lead to incorrect attribution, silent privacy leakage, and contamination of the exported dataset with unverified identity data.

Context-Inappropriate Capability

Medium, 98% confidence
Finding
The script performs cross-document identity enrichment, backfilling, and majority-vote correction across records using vehicle and insurer correlations. That behavior can amplify a single extraction error into many records, merge identities across documents without consent, and create a larger aggregated personal-data dataset than any single source file provided.

Missing User Warnings

Medium, 89% confidence
Finding
The skill explicitly processes highly sensitive personal and insurance data, including names, ID numbers, phone numbers, VINs, license plates, policy numbers, and policy dates, then exports them into a spreadsheet. Documentation that normalizes this workflow without any privacy, access-control, retention, masking, or secure-storage guidance increases the risk of unauthorized disclosure, misuse, and noncompliant handling of regulated personal information.

Missing User Warnings

Medium, 91% confidence
Finding
The script unconditionally overwrites run_extract.py in place, which is dangerous because running it permanently modifies application code without prompting, backup, or integrity verification. In an agent/skill context, self-modifying or repository-modifying behavior increases risk since a user or downstream automation may execute it expecting a harmless optimization, yet it silently changes trusted code and can break workflows or introduce hard-to-review behavior changes.

VirusTotal

65/65 vendors flagged this skill as clean.
