Universal Document Ingestion Router

Security checks across malware telemetry and agentic risk

Overview

This is a local document parsing router that reads user-specified files and writes parsed outputs, with no evidence of hidden network use, credential access, persistence, or destructive behavior.

Install this only if you want agents to parse local documents into knowledge-base-ready files. Use narrow input directories, choose output locations carefully, and avoid --copy-sources for confidential material unless you intentionally want retained source copies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill declares only the `exec` tool, but the documented behavior and CLI usage clearly imply reading arbitrary input files and writing parsed outputs such as `document.json`, `document.md`, `chunks.jsonl`, and batch artifacts. This permission mismatch weakens policy enforcement and auditing because an agent may execute a script that performs file read/write operations not explicitly declared in the skill metadata.

Vague Triggers

Medium
Confidence: 89%
Finding
The integration note tells agents to invoke this skill automatically for a very broad set of common document-related tasks, including document search and knowledge-base enrichment, without requiring user confirmation or tighter capability scoping. In an agent ecosystem, overly broad auto-invocation guidance can cause inappropriate routing, unnecessary file processing, and expanded access to potentially sensitive documents beyond the minimum needed task path.

Missing User Warnings

Medium
Confidence: 89%
Finding
The parser writes extracted document text into document.md and chunk files on disk, which can expose sensitive source content to unintended readers, backups, or downstream tooling. In a document-ingestion skill, this is especially relevant because the inputs are likely to include confidential business or personal documents, and the script does not provide user-facing disclosure, redaction, or output-protection controls.

Missing User Warnings

Medium
Confidence: 87%
Finding
When --copy-sources is used, the script stores full original documents in a samples directory, creating an extra unredacted copy of potentially sensitive files. This increases data-retention and exposure risk because source documents may remain accessible after processing, be swept into backups, or be read by other users on the system.

VirusTotal

62/62 vendors flagged this skill as clean.
