ClawHub
Back to skill

Security audit

Wps Office Suite

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WPS Office automation guide, with disclosed file creation, editing, conversion, and batch-processing commands but no hidden executable payload in the artifact.

Install only if you intend to let an agent create, edit, sort, filter, export, or batch-convert local Office documents. Run it on copies or a narrow working folder first, and separately review any referenced scripts because this package only includes the instruction file, not the implementation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill prominently documents commands that create, edit, export, and overwrite office documents, but it does not warn users that these operations may modify existing files or write new outputs. In an agent setting, this increases the risk of unintended file changes because users may treat examples as safe read-only actions when they are actually state-changing operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented batch conversion command can process an entire directory of files, yet the skill provides no warning about the scope of impact, output behavior, or risk of mass modification. In automation contexts, bulk file operations are especially dangerous because a mistaken path or format choice can affect many files at once before the user realizes the consequences.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.