kdocs skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Kdocs cloud document automation, but it asks for broad cloud-document authority while under-scoping token handling, public sharing, and remote self-update behavior.

Install only if you intend to give this skill access to your Kdocs/WPS cloud documents. Prefer the built-in login flow over pasting tokens into chat, review any public or `anyone` share-link action before approving it, avoid using it on highly sensitive contracts or invoices unless your policy allows cloud/AI processing, and be cautious about its self-update path, which replaces skill files from a remote zip.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (44)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest includes broad trigger phrases such as generic requests to summarize, organize, write, translate, or make PPTs, which can cause the skill to activate for many ordinary conversations. Over-broad invocation increases the chance that document-search, read, write, sharing, or installation flows are entered unintentionally, exposing user data or causing side effects without clear intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation promotes generating PPTs from existing documents but does not clearly warn that the referenced document content will be transmitted into an AI generation pipeline for processing. In a cloud document skill handling contracts, invoices, reports, and knowledge bases, this omission can lead users or integrators to submit sensitive material without informed consent or appropriate data handling checks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation explicitly instructs the user to copy an authentication token from the Kdocs web UI and provide it to the agent, which exposes a bearer credential to the agent runtime and any connected logging, memory, or tooling surfaces. Because this skill operates on cloud documents and knowledge bases, a leaked token could allow unauthorized access, modification, sharing, or exfiltration of sensitive user content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly shows enabling a share link with `share_to: anyone` but does not warn that this can expose document data to external parties beyond the organization. In a document-management skill, share operations directly affect data confidentiality, so omission of a privacy warning increases the chance an agent or user enables overly broad public access without understanding the exposure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The permission-update section documents changing `permission` and `share_to` values, including broad scopes like `anyone`, without warning that this can widen external access or grant edit capability. Because this skill manages cloud documents, permission broadening can immediately increase unauthorized disclosure or tampering risk if used carelessly by an agent or end user.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The scrape_url workflow sends a user-provided external URL to the service, which then retrieves the page and automatically creates a cloud document. Without an explicit warning about server-side fetching, persistence, and document creation, users may unknowingly disclose private URLs or trigger collection of sensitive web content into cloud storage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The upload_attachment API can fetch content directly from a remote URL and attach it to an existing document, but the documentation does not warn that this causes the service to contact the remote host and ingest that content. This can expose private URLs, trigger unintended external requests, and import unreviewed or sensitive data into cloud documents without informed user consent.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation exposes capabilities to enumerate a user's recent files and recycle-bin contents, which are privacy-sensitive because filenames, metadata, creators, links, and deleted content can reveal confidential work activity. While this is a legitimate document-management feature, the absence of any warning, authorization guidance, or least-privilege/privacy considerations increases the risk of inadvertent data exposure or misuse by an agent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide explicitly recommends full-file overwrite operations such as `upload_file(file_id, content_base64)` for updates, including '整篇重写/覆盖上传' ("full rewrite / overwrite upload") and PDF replacement, but it does not require confirmation, backup, diffing, or any user-facing warning about destructive replacement. In a cloud document skill, this creates a realistic risk of accidental data loss or irreversible corruption when an agent misidentifies the target file or over-applies a rewrite.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that providing `questions` will fully overwrite the existing question list, but it does not clearly foreground the destructive data-loss risk to users at the point of use. In a document/form management skill, this can lead an agent or user to unintentionally delete or replace form structure, causing loss of drafted content or workflow disruption.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger examples for 'put file into knowledge base' are broad enough to match generic requests about moving, archiving, or uploading files, which can cause the skill to activate outside the user's intended product context. In a high-capability cloud document skill, overbroad invocation increases the chance of unintended file movement, uploads, or cross-repository actions on user data.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The search trigger examples are ambiguous and can overlap with ordinary document lookup requests that may belong to other tools or local/system search contexts. Because the documented workflow proceeds to search across knowledge bases and then offers follow-on actions like opening or downloading, an unintended match could expose metadata or content from the wrong storage scope.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The organization and cleanup examples are especially risky because they describe broad 'organize', 'classify', and 'clean up' intents that can map to destructive operations such as move_file and kwiki.delete_item. Even though the document later mentions user confirmation, the loose triggers still raise the likelihood of the skill being selected for generic housekeeping requests and operating on a knowledge base unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly allows creating a knowledge base with `status=3` for internet-public visibility, but it provides no warning, confirmation requirement, or guidance about the risk of exposing sensitive internal documents. In a cloud document skill that is likely to be used for work reports, contracts, invoices, and knowledge management, this omission can lead users or downstream agents to publish confidential business data to the public internet by mistake.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly instructs users to create a public share link for the converted file and then download it, but it does not warn that public sharing may expose sensitive document contents to anyone with the link. In a document-management skill that commonly handles contracts, invoices, and work reports, this omission can lead to unintended data disclosure.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill states that converted output is automatically saved to the user's cloud drive path, but it does not present this as a user-facing privacy/storage warning. For users converting sensitive PDFs, automatic persistence in cloud storage can create retention and exposure risks if they assume the conversion is temporary.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly recommends creating a public share link for split PDF results and then downloading from that link, but it does not warn that this can expose sensitive document contents to anyone with the link. In a cloud document skill that is likely to handle contracts, invoices, reports, and other private files, normalizing public-link creation increases the risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The merge workflow documentation again recommends creating a public share link for merged PDF results without any warning about confidentiality or access scope. Because merged PDFs may aggregate multiple sensitive source documents into a single file, encouraging public sharing in the default path can magnify the blast radius of accidental exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation directs users to submit full PDF contents for translation and even encourages trusting the tool's synchronous result, but it does not warn that document contents may be transmitted to downstream translation services or processed outside the immediate client context. For a document-handling skill, this omission can cause users or integrators to send sensitive contracts, invoices, or internal reports without informed consent or privacy review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file explicitly states that authentication depends on Cookie `wps_sid` but provides no warning that this is a sensitive credential that must not be logged, exposed, or requested from end users insecurely. In an agent skill context, mentioning a live session cookie without handling guidance increases the risk of credential leakage, replay, or misuse by downstream tooling and integrators.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes an upload-by-URL/file capability that can transfer user-provided content to a remote service, but it does not warn about privacy, data handling, or trust boundaries. In a cloud document skill, users may upload sensitive attachments or cause the platform to fetch third-party URLs, creating risks of unintended disclosure, compliance violations, or SSRF-like backend fetching behavior if URL retrieval is performed server-side.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes broad everyday phrases such as '做PPT' ("make a PPT") and '生成PPT' ("generate a PPT"), which can cause the skill to activate in situations where the user did not clearly intend cloud-document operations through this specific skill. In this context, accidental invocation is more concerning because the workflow can consume user content, process document links, and upload generated files to cloud storage, increasing the chance of unintended data handling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow instructs the agent to extract a document link_id directly from a shared link and later upload the generated PPT to cloud storage, but it does not require explicit notice or consent about reading source documents, transmitting their contents for processing, or creating a new cloud-hosted artifact. This creates a privacy and data-handling risk, especially when the source document may contain contracts, invoices, reports, or other sensitive business information.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes very common phrases such as '表单' ("form"), '报名' ("sign up"), and '收集信息' ("collect information"), which can match many ordinary conversations and cause the skill to activate when the user did not explicitly ask to create a Kdocs form. In this skill, unintended activation is security-relevant because the workflow proceeds toward file creation and link generation, which can cause unwanted document creation, data handling, and possible oversharing if the agent acts on ambiguous intent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are very broad and map to common, ambiguous presentation-editing requests such as importing, inserting, or merging slides. In an agent-routing context, this can cause the skill to activate for requests that may not actually intend external slide import, increasing the chance of unintended document modification or use of externally supplied URLs/files without sufficient user intent validation.

VirusTotal

66/66 vendors flagged this skill as clean.
