Skywork Document

Security checks across malware telemetry and agentic risk

Overview

This document-generation skill appears legitimate, but it can send broad user requests and local files to Skywork with too little scoping or upload-time warning.

Install only if you are comfortable sending document prompts and selected files to Skywork. Avoid using it for confidential, regulated, or client-sensitive material unless you have reviewed Skywork's data handling terms, and store the API key in a secret manager or masked environment setup rather than displaying it in your terminal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 90%
Finding
The trigger logic is extremely broad: it says to use the skill for ANY task producing a document output and to default to this skill whenever output is longer than a short answer. Because the skill uploads full user requests and optional files to a remote service, over-invocation can cause unintended disclosure of sensitive data and unnecessary external processing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide tells users to place a live API key into shell profiles and settings files, and then to print it with `echo "$SKYWORK_API_KEY"`, without warning that these actions can expose secrets through shell history, shoulder-surfing, screenshots, shared terminals, backups, or accidental commits. This is a genuine secret-handling weakness in documentation because it normalizes insecure credential verification and storage practices for a skill that depends on privileged API access.

Missing User Warnings

Medium
Confidence: 95%
Finding
This script unconditionally uploads the local file's full contents to a remote Skywork API endpoint once invoked, but it does not present a clear user-facing warning or confirmation at the point of transmission. In a document-processing skill, users may reasonably provide sensitive files, so silent transmission to an external service increases the risk of unintended disclosure of confidential, regulated, or personal data.

VirusTotal

67/67 vendors flagged this skill as clean.
