ClawHub

Word Vba

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Word automation skill, but it can silently open and overwrite local Word files without strong user controls or warnings.

Install only if you specifically need local Word automation on Windows. Use trusted documents, avoid .doc/.docm files from unknown sources, always set explicit new output paths, back up originals before batch operations, and install a current patched pywin32 version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples show direct creation and saving of Word documents to disk, but the skill description does not prominently warn users that invoking these flows can modify existing files or create new ones. In a skill that supports batch replacement, template filling, and document merging, missing warnings can lead to accidental overwrites, unintended data exposure, or destructive bulk changes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The module writes full extracted Word contents to a JSON file on disk without any consent prompt, sensitivity warning, or safeguards around destination paths. In a document-processing skill, this can unintentionally persist confidential data in a secondary format that may be less protected, easier to exfiltrate, or left behind after processing.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code launches Microsoft Word via COM and disables alerts before opening untrusted documents, causing automation to occur silently. In the context of a Word/VBA/ActiveX skill, this is more dangerous because opening documents through Word can trigger risky document behaviors or suppress security-relevant prompts that would otherwise warn the user.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The function defaults to overwriting the original document when no output path is provided, which can cause silent destructive modification of user files. In an automation skill that processes Word documents in bulk, this behavior increases the risk of accidental data loss or corruption, especially if invoked on important documents or with untrusted replacement inputs.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 安装命令: pip install -r requirements.txt

# 核心依赖
pywin32>=227

# 可选依赖
# python-docx  # 如需与docx-tools协同使用
Confidence
85% confidence
Finding
pywin32>=227

Known Vulnerable Dependency: pywin32 — 2 advisory(ies): CVE-2021-32559 (Integer overflow in pywin32); CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when adding an acces)

High
Category
Supply Chain
Confidence
97% confidence
Finding
pywin32

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal