huo15-doc-template / 火一五文档模板

Security checks across malware telemetry and agentic risk

Overview

This Word template skill has a plausible purpose, but it can automatically read local Odoo/OpenClaw credentials, contact company systems with TLS checks disabled, and cache downloaded logo files without clear user control.

Install only if you trust this publisher, intentionally use the huo15 Odoo integration, and are comfortable with the agent reading local Odoo/OpenClaw credential files and contacting the configured Odoo server. Prefer a revised version that narrows triggers, asks before remote access, uses platform-managed scoped credentials, keeps TLS verification enabled, and clearly documents logo caching under ~/.huo15/assets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
A document-template skill is expected to format content locally, but this code also reads local credential/config files and contacts an ERP/Odoo system to retrieve company data. That creates hidden data-access and network side effects, expanding the trust boundary and exposing local secrets and internal system metadata during a seemingly simple document-generation task.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill searches for local Odoo credentials, reads them from disk, disables TLS verification, and uses them to query remote ERP objects and configuration parameters. Those behaviors are not justified by generic document generation and materially increase the risk of credential misuse, internal data exposure, and man-in-the-middle interception.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Automatically downloading remote assets during document generation introduces undeclared network activity and a content-supply-chain risk. Even if intended only to fetch a logo, it can leak usage context, create tracking opportunities, or import untrusted content into generated documents without user awareness.

Vague Triggers

High
Confidence: 88%
Finding
Stating that all document-generation tasks must automatically use this skill creates an undefined, overly expansive activation boundary. In context, that is risky because the skill is not purely a formatting helper; it performs hidden environment inspection and network access that users would not expect from every document request.

Vague Triggers

Medium
Confidence: 88%
Finding
Stating that all document-generation tasks must automatically use this skill creates an undefined, overly expansive activation boundary. In context, that is risky because the skill is not purely a formatting helper; it performs hidden environment inspection and network access that users would not expect from every document request.

Vague Triggers

High
Confidence: 93%
Finding
The dedicated keyword list is broad, generic, and lacks exclusions, increasing the likelihood of accidental invocation across common user requests. Given the skill's hidden data retrieval and remote access features, accidental activation is more dangerous than it would be for a purely local template skill.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description does not tell users that generating a document may automatically read local configuration/credential files and fetch data or assets from internal/external systems. This lack of transparency undermines informed consent and can lead users to trigger sensitive operations unknowingly.

VirusTotal

No VirusTotal findings
