Project Analyzer Generate Doc

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Java project documentation skill, but users should review its repository-write behavior and one inconsistent merge instruction before use.

Install only if you want an agent to read a selected Java/Maven repository and write generated documentation, state, and logs into `.ai-doc`. Review any migration or merge plan before approving it, consider using a custom output path outside the repository for sensitive projects, and do not run the PowerShell npm script unless you trust the local artifact and understand the execution-policy bypass.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence
Severity: Medium | Confidence: 96%

The changelog explicitly records a prior feature described as a 'Security workaround' using bash-based reading of protected files. Even though a later version says this wording was removed, documenting such behavior in a file-reading/documentation skill strongly suggests the skill previously contemplated bypassing access controls, which is a serious security concern because it could enable unauthorized file access or normalize control evasion.

Intent-Code Divergence
Severity: Medium | Confidence: 96%

The skill's main workflow correctly requires explicit user confirmation before any move, merge, or delete action in `.ai-doc`, but the later TOOLS.md summary contradicts that by stating document migration is automatic. In agent systems, concise config summaries are often treated as authoritative operational guidance, so this inconsistency can cause unintended file modifications without informed user consent.

Context-Inappropriate Capability
Severity: Medium | Confidence: 95%

The npm script launches PowerShell with `-ExecutionPolicy Bypass`, which disables an important host-side safeguard and allows unsigned or restricted scripts to run without policy enforcement. In a documentation generator, this capability is broader than necessary and increases the risk that a local or modified `scripts/generate-l3-doc.ps1` executes with fewer protections, especially in CI or on developer workstations.

Missing User Warnings
Severity: Low | Confidence: 77%

The changelog states that the skill automatically writes a JSON state file and Markdown task log to disk, but this file gives no indication of user notice, consent, or safeguards around what gets persisted. In a documentation generator that processes source trees, silent persistence can expose sensitive code structure, filenames, progress metadata, or operational details on disk where other users or processes may access them.

Vague Triggers
Severity: Medium | Confidence: 92%

The activation examples are phrased very broadly ('generate business logic docs for E:\projects\mgmt-api-cp') and do not clearly constrain when the skill should run or require explicit confirmation before scanning and writing files. In an agent setting, overly broad triggers can cause unintended execution on arbitrary local paths, leading to unplanned repository analysis and downstream file modifications in the target project.

Missing User Warnings
Severity: Medium | Confidence: 96%

The README explicitly describes creating and merging documentation under the target project's `.ai-doc` directory, but it does not prominently warn that the skill will modify files inside the analyzed repository. In a developer workstation context, silent writes and merges into a live project can contaminate repos, overwrite prior generated content, or create accidental commits of sensitive architectural information.

Vague Triggers
Severity: Medium | Confidence: 84%

The activation trigger includes broad phrases such as '理解这个工程' ("understand this project") that can match ordinary analysis requests and cause the skill to activate unexpectedly. Because this skill performs extensive filesystem scanning and state tracking, and may propose file migration actions, over-broad invocation increases the chance of unintended execution and user surprise.

VirusTotal

65/65 vendors flagged this skill as clean.