officecli-academic-paper

Security checks across malware telemetry and agentic risk

Overview

This is a document-generation skill, but it also tells the agent to automatically download and run an unpinned OfficeCli installer or updater from GitHub.

Review before installing. Use this only if you trust OfficeCli and are comfortable with an agent installing or updating software on your machine; safer use would require installing a pinned, reviewed OfficeCli release yourself and preventing automatic curl/bash or PowerShell installer execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The skill’s stated purpose is generating a single academic .docx, but it embeds mandatory network download, install, and upgrade behavior for external software. This expands the trust boundary far beyond document authoring and creates a supply-chain execution path where remote code is fetched and run on the host.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The instructions explicitly fetch an installer script from GitHub and execute it with bash/PowerShell, despite the skill only needing to author documents. Remote script execution is a classic supply-chain risk: if the source, transport, or referenced branch is compromised, arbitrary code executes with the agent’s privileges.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill normalizes remote installer execution as a required pre-step without any explicit warning, consent, or risk disclosure. Even if the source is legitimate today, silently downloading and executing external scripts increases the chance of unsafe deployment and reduces operator awareness of the security implications.

VirusTotal

63/63 vendors flagged this skill as clean.
