ClawHub

Indesign-script-for-manga-typesetting

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for InDesign manga layout automation, but it can run local shell/PowerShell and Python helper scripts from configurable or project-adjacent paths without strong confirmation or provenance checks.

Review before installing. Use only trusted config files and trusted project folders, inspect any run_manga_layout.sh or run_manga_layout.ps1 next to a config before pressing Run, and only set segmentation.pythonScriptPath to a helper script you trust. Avoid processing sensitive unpublished manuscripts unless you are comfortable with local temp-file and log behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script exports document text to temporary files and then invokes an external Python script whose path can come from configuration. That adds an arbitrary code execution capability to a document-layout automation skill, and if an attacker can influence the config or bundled script path they can execute unintended code with the user's privileges.

Missing User Warnings

Medium
Confidence
67% confidence
Finding
The GUI exposes a one-click action that launches an external PowerShell or shell script from the config or application directory without any confirmation, provenance check, or warning. In a tool that may open arbitrary project folders and configs, this lowers the barrier to unintended execution of attacker-planted local scripts and increases the chance of social-engineering-driven code execution.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script writes document text content to predictable temporary files before segmentation, which can expose potentially sensitive manuscript data to other local users, backup agents, or malware on the same host. In a headless workflow with no explicit disclosure, this increases confidentiality risk beyond what users may expect from a layout script.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script executes an external Python helper in headless mode without explicit warning or consent, which materially changes the trust boundary of the skill. In this context, silent external execution is dangerous because users may assume the script only manipulates InDesign documents, not that it launches other programs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal