ClawHub
Back to skill

Security audit

Word To Jpg

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform Word-to-JPG conversion, but it can process a recent Word file and delete prior images in its output folder without a clear confirmation step.

Install only if you are comfortable with local Microsoft Word automation and fixed-folder outputs. Use explicit file paths for sensitive documents, move any generated images you want to keep before rerunning the skill, and delete the temporary source copy after conversion if the document is confidential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad, generic requests like 'convert to image' and 'convert to JPG,' which can match normal conversation and invoke the skill when the user did not intend to run this specific workflow. Because the skill may automatically pick the latest received Word document, broad triggering increases the chance of unintended file processing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that it will automatically find the latest received Word document, but this behavior is not surfaced as a clear warning in the description or invocation guidance. Automatic selection of a recent file can lead to accidental conversion of the wrong document, exposing sensitive contents through generated JPGs in a predictable output location.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally deletes all .jpg and .png files in the shared output directory before writing new output. This can destroy unrelated user data or prior conversion results without warning, which is especially risky in an agent skill that may run automatically against a persistent workspace.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.