Security audit

Gxpcode Translator

Security checks across malware telemetry and agentic risk

Overview

This translation skill is mostly purpose-aligned, but it silently keeps full translation contents in local logs and uses cloud OCR/token storage in ways users should review before installing.

Install only if you are comfortable with the skill writing persistent config, storing a PaddleOCR token locally, sending PDFs to a cloud OCR flow, and retaining full originals/translations in local log files. Avoid using it for confidential or regulated documents unless you first disable or change logging and confirm the OCR path is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill instructs the agent to collect user input and persistently modify `config.json`, including paths and execution-related settings, and also references dictionary file maintenance. Persistent local file modification expands the skill from translation into local state management, which can be abused to alter future behavior or redirect outputs to sensitive locations if inputs are not constrained.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill requests and stores an external OCR API token in local configuration, creating credential-handling behavior. Storing tokens in plaintext config and using them for remote processing increases the risk of credential leakage and unintended reuse, especially since the skill also has file-write and network capabilities.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The module explicitly persists the full source text, full translated text, matched terms, and PDF metadata to a timestamped log file. That materially expands the skill from translation into silent data retention, creating confidentiality and privacy risk if users submit sensitive documents, contracts, or internal PDFs.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill makes logging mandatory and silent after every translation, but the stated purpose is translation, not archival storage of user content. This mismatch increases the risk of collecting data beyond user expectations, which can expose sensitive content and create compliance issues.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The script persistently writes the full source text, full translated text, matched terms, and PDF metadata to disk under a logs directory. For a translation skill, this creates unnecessary data retention of potentially sensitive user content and file paths, increasing confidentiality and privacy risk if the host, workspace, or logs are later accessed by other users, processes, or backups.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger keywords include broad everyday terms such as “翻译” (“translate”), “词典” (“dictionary”), and “glossary”, which can cause the skill to activate in contexts where the user did not intend to invoke this tool. Unintended invocation is risky here because the skill has file, web, and PowerShell capabilities and may begin configuration or content-processing flows in unrelated conversations.

Vague Triggers

Medium
Confidence: 84%
Finding
The natural-language activation guidance is ambiguous because phrases like '翻译这段话' ('translate this passage') or 'translate this' do not clearly constrain the input type, the destination, or whether attachments should be processed. In this skill, ambiguity is more dangerous because activation can lead into multi-step PDF workflows involving external OCR, local file writes, and shell execution.

Missing User Warnings

High
Confidence: 96%
Finding
The README states that PDF translation uses the PaddleOCR API but does not provide a clear, up-front warning that document contents may be transmitted to a third-party service. This is dangerous because users may submit sensitive or regulated documents under the assumption that processing is local, causing confidentiality, compliance, or contractual violations.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad natural-language patterns like '翻译这段话' ('translate this passage') and 'translate this', which are likely to overlap with ordinary conversation. Overbroad activation can cause the skill to engage unexpectedly, leading to unintended file access, configuration prompts, remote OCR use, or persistence actions in contexts where the user did not clearly intend to invoke this high-capability workflow.

Missing User Warnings

Low
Confidence: 86%
Finding
The skill describes writing persistent configuration to `config.json` but does not clearly warn the user that local files will be modified and retained across sessions. This weakens informed consent and can surprise users with lasting state changes that affect later behavior.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill promotes use of an online OCR API for PDF processing without a clear privacy warning that document contents will be transmitted to a third-party remote service. For translation of potentially sensitive PDFs, this can expose confidential data and create compliance issues, especially since the document itself notes some content may require confidentiality.

Missing User Warnings

Medium
Confidence: 93%
Finding
The module sends PDF content to a cloud OCR API but only notes that the API may take time, not that document contents leave the local system. This creates a real confidentiality and compliance risk because users may provide sensitive PDFs without informed consent, especially in a translation workflow that encourages document upload and automated processing.

Missing User Warnings

High
Confidence: 98%
Finding
The instructions store full source and translated text plus PDF path/page metadata in a persistent log without any user-facing warning. Silent retention of complete user-provided content is dangerous because it can capture secrets, personal data, or proprietary files and leave them exposed on disk beyond the translation session.

Missing User Warnings

Medium
Confidence: 94%
Finding
The file write persists translation content to disk without any user-facing disclosure or consent mechanism. In this skill context, users may submit confidential documents or PDFs for translation, so silent persistence materially increases the chance of accidental data exposure, retention beyond user expectations, and compliance/privacy issues.

Ssd 3

High
Confidence: 99%
Finding
The module requires persistent storage of complete user content and related metadata in log files, which is a direct data-exposure risk. In the context of a translation skill that accepts arbitrary text and PDFs, this can capture highly sensitive material and create a durable local record that may be accessed by other users, processes, backups, or forensic review.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.