ClawHub

hybrid-smart-fill

Security checks across malware telemetry and agentic risk

Overview

This is a local Word/Excel template-filling skill whose file reads, generated outputs, and business-data handling are disclosed and aligned with its purpose.

Install only if you want local batch filling of business Word/Excel templates. Before running, use copies of templates, update the hardcoded paths and company placeholder replacement, run on one file first, and review the generated documents and terminal output for sensitive or incorrect values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill markets itself mainly as retrieval and matching, but the documentation shows it also performs bulk local file scanning, modification, and saving of Word/Excel templates, plus hardcoded content replacement. That mismatch is dangerous because users may authorize or invoke it expecting analysis/search behavior, while it actually changes local documents and can cause unintended data alteration or overwrite at scale.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README explicitly instructs users to run an automatic document-filling workflow and states that filled files are saved, but it does not warn that generated content may be incorrect, incomplete, or contextually mismatched. For a skill that populates Word/Excel business documents from a knowledge base, omission of a verification warning can lead users to trust and submit altered documents containing factual errors or unintended replacements.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation states that running the filler saves filled files to an output directory, but it does not provide a prominent warning that execution triggers automatic modification and generation of document outputs. This can lead to accidental bulk changes, especially in workflows involving sensitive templates or when users assume the tool only evaluates matches.

Unbounded Output

Medium
Category
Output Handling
Content
The system generates:
- **Filled templates** in the output directory (marked with "已填写" suffix)
- **Fill log** showing all field matches and replacements
- **Statistics**: Total fields filled, success rate, XX基金 replacement count

## Bundled Scripts
Confidence
72% confidence
Finding
Fill log

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal