ClawHub

content-extraction

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed content-extraction helper that routes URLs and documents to expected extraction tools and may save long Markdown outputs locally.

Install only if you are comfortable with the skill using browser, Feishu, transcript, and web-fetch style tools to access the content you provide. Avoid sending confidential documents through generic URL fallbacks, and review or delete saved Markdown files under the local extraction output path when handling sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill explicitly describes network-capable behavior such as fetching URLs, using remote services like r.jina.ai, Feishu tools, YouTube transcript retrieval, and browser-based fallbacks, but the manifest does not declare corresponding permissions. Undeclared network capability weakens transparency and policy enforcement, making it easier for a user or platform to underestimate what the skill can access externally.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly recommends saving long extracted content to a local Markdown file by default, but it does not warn users that potentially sensitive third-party content may be written to persistent local storage. In a content-extraction skill, inputs can include private Feishu documents, web pages, or transcripts, so silent disk persistence increases the risk of unintended data retention, local disclosure, and policy/privacy violations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The design principle '默认保存' reinforces a default save-to-disk behavior without any accompanying notice, consent flow, or retention guidance. Because this skill handles extracted content from documents and URLs that may contain confidential or copyrighted material, default persistence makes the context more dangerous than a transient-only processing workflow.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill states it 'saves long content locally when needed' and includes 'save path when content is long' in its output contract, but provides no user warning, consent flow, retention policy, or storage constraints. Writing extracted remote content to disk can create privacy, data handling, and persistence risks, especially if sensitive Feishu or web content is stored automatically in predictable or insecure locations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal