Aliyun Docmind Extract

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud DocMind helper that uses disclosed cloud credentials and sends user-selected documents or URLs to DocMind for parsing.

Install this only if you intend to use Alibaba Cloud DocMind for document parsing. Use limited-scope Alibaba Cloud keys, confirm the endpoint and region before handling sensitive files, avoid submitting confidential or long-lived public URLs unless approved, and review or delete saved outputs if they contain private document content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs use of Alibaba Cloud credentials via environment variables and accesses them in code, but does not declare permissions/capabilities for that sensitive operation. This creates a transparency and governance gap: an agent or reviewer may not realize the skill can read cloud secrets and make authenticated external API calls, increasing the chance of unintended credential use or data exfiltration through the documented workflow.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The validation section claims to validate a Node.js-based DocMind skill, but the provided commands only compile Python files and never exercise the Node.js examples or scripts. This can let broken or unsafe JavaScript changes pass as 'validated,' weakening assurance and allowing defects in credential handling, polling logic, or API interaction to slip through unnoticed.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script takes a document URL from an environment variable and submits it to a third-party cloud parsing service without any explicit consent, validation, or warning. In a document-understanding workflow, this can cause sensitive internal documents or pre-signed URLs to be sent to an external provider unexpectedly, creating confidentiality and compliance risk.

VirusTotal

58/58 vendors flagged this skill as clean.