thu-thesis

Security checks across malware telemetry and agentic risk

Overview

This thesis converter is mostly coherent, but it ships real-looking thesis output files containing identifiable personal and academic details that are not needed for the skill to work.

Install only after reviewing or removing the bundled output/ files if you do not want other people’s thesis or resume data stored locally. Run setup in a controlled workspace, review generated citations and LaTeX changes before submission, and compile LaTeX with filesystem isolation where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    import os, subprocess

    extra_path = '/usr/local/texlive/bin'  # assumed placeholder; defined elsewhere in the skill
    latex_dir = 'output/latex'             # assumed placeholder; defined elsewhere in the skill
    env = os.environ.copy()
    env['PATH'] = extra_path + ':' + env.get('PATH', '')

    def xelatex():
        # Compile thesis.tex with xelatex; stdout/stderr are captured for inspection.
        result = subprocess.run(
            ['xelatex', '-interaction=nonstopmode', 'thesis.tex'],
            cwd=latex_dir, env=env,
            capture_output=True, text=True
        )
        return result
Confidence
89% confidence
Finding
result = subprocess.run( ['xelatex', '-interaction=nonstopmode', 'thesis.tex'], cwd=latex_dir, env=env, capture_output=True, text=True )

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The document contains direct personal and academic information about an identifiable individual, including name, birth date, education history, student number, affiliation, and signatures. In a skill artifact, this is sensitive data exposure with no software-behavior need shown, creating privacy, doxxing, profiling, and identity misuse risk if the file is distributed or indexed.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The file discloses third-party reviewer and committee information that appears unrelated to any operational skill requirement. Exposing names, roles, and institutional associations of uninvolved individuals increases privacy risk and can enable targeted phishing, harassment, or unwanted attribution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented setup process includes destructive replacement of `assets/databk/` via `rm -rf ... && cp -r ...` without a clear safety warning, backup step, or confirmation. If users have local modifications or curated reference data in that directory, rerunning setup will silently erase them, causing integrity loss and potentially breaking downstream conversions.

VirusTotal

62/62 vendors flagged this skill as clean.
