interactive-document-writing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chinese-language workflow for collaboratively writing long documents; it can read and edit project documents and keep a local progress file, but I found no hidden code, credentials, network use, or destructive behavior.

Install this if you want a structured Chinese-language, chapter-by-chapter writing workflow. Use it in the folder containing only the documents you want the agent to read or edit, review the generated Markdown before relying on it, and delete or exclude the .doc-progress file if it contains sensitive planning details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The trigger text is very broad and explicitly says even generic requests like writing a document with more than three chapters should invoke this skill. That can cause the agent to route ordinary writing tasks into a rigid workflow unexpectedly, creating prompt-scope hijacking and reducing user control over tool selection and behavior. In context this is not code-execution dangerous, but it is a real security/quality issue because overbroad activation can override user intent and expand file-reading/stateful behavior unnecessarily.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
Resume phrases such as 'continue writing the document' or 'pick up the last document' are ambiguous in normal conversation and may activate state-recovery logic even when the user merely means continue within chat. In this skill, such activation can trigger workspace searches for progress files and document reads, which increases the chance of unnecessary context expansion or accidental access to unrelated local files.

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding:
Mandating Chinese as the default communication language without explicit user opt-in can override the user's preferred language and cause misunderstanding of instructions, especially in multilingual or compliance-sensitive contexts. This is primarily an autonomy and usability security issue: it may degrade accuracy, conceal important workflow actions, and interfere with informed consent when reading, writing, or resuming documents.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding:
The example session is entirely in Chinese and presents the interaction flow as the expected default without offering any user language choice or documenting a justified locale limitation. In a generally applicable document-writing skill, this can exclude or confuse users, lead to unintended disclosure through misunderstood prompts, and create accessibility/compliance issues in multilingual environments.

VirusTotal

65/65 vendors flagged this skill as clean.