Academic Paper Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate paper-analysis aid, but it automatically stores document-derived table data in a local database without clear consent or deletion controls.

Review before installing. Use this only if you are comfortable with analyzed PDFs contributing table-layout information to a persistent local database. Avoid confidential, unpublished, proprietary, sensitive, or licensed papers unless the skill is modified so storage is explicit, optional, and easy to delete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

High (95% confidence)
Finding
The skill introduces mandatory, automatic database writes to a local path unrelated to the manifest’s stated paper-analysis purpose. Hidden persistence is a real security and privacy risk because user-supplied document content and derived metadata may be stored without consent, creating data retention and exfiltration opportunities beyond the requested analysis task.

Context-Inappropriate Capability

High (97% confidence)
Finding
The skill directs the agent to build and maintain a reusable methods database, which is context-inappropriate for a one-off paper-analysis skill and creates persistent side effects. This expands the trust boundary from transient analysis into long-term storage of potentially copyrighted, sensitive, or proprietary document structure and content-derived data without clear authorization.

Vague Triggers

Medium (79% confidence)
Finding
The manifest description uses broad, common phrases for invocation, making unintended activation plausible during ordinary conversation. In this skill, that is more dangerous because activation triggers downstream behaviors like mandatory translation and database-related extraction logic, increasing the chance of accidental processing and storage of documents the user did not intend to handle this way.

Vague Triggers

Medium (88% confidence)
Finding
The activation section combines generic phrases with attachment-based triggering and lacks clear boundaries, so the skill may auto-run on PDFs or vague requests without informed user intent. Because the skill prescribes extensive extraction, translation, and persistent storage behavior, accidental activation materially raises privacy and integrity risks.

Missing User Warnings

High (96% confidence)
Finding
The skill omits any user-facing warning that analysis will automatically write extracted table-layout data into a persistent database. Undisclosed persistence is dangerous because users may submit confidential or copyrighted papers expecting ephemeral analysis, while the system silently retains derivative data on disk.

Missing User Warnings

High (97% confidence)
Finding
The note makes database writing mandatory and automatic, but provides no warning or consent mechanism despite introducing persistent side effects. This is particularly risky in a document-analysis context because uploaded papers may contain sensitive unpublished research, regulated data, or licensed content that should not be silently retained.

VirusTotal

64/64 vendors flagged this skill as clean.
