Security audit

Docx

Security checks across malware telemetry and agentic risk

Overview

This DOCX skill is a coherent document-processing helper, but users should be careful with its optional system dependency install commands.

Install only if you want an agent to work directly with Word documents, including creating or modifying files. Do not allow it to run sudo, global npm installs, or pip installs unless you intentionally approve dependency setup in that environment; prefer preinstalled or isolated tooling when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs the agent to read files, write files, and execute shell commands, yet it does not declare corresponding permissions or boundaries. This creates a mismatch between apparent capability and declared trust surface, increasing the chance that a caller invokes powerful behaviors without informed consent or policy enforcement.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill includes package installation instructions using system package managers and global npm/pip installs, which expands its behavior from document handling into host modification. If followed automatically or casually, these commands can change the execution environment, require elevated privileges, and introduce supply-chain risk unrelated to the immediate document task.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The manifest description is broad enough to trigger on nearly any .docx-related request, including creation, editing, analysis, conversion, and comments, which increases the chance of activation in situations that do not need its most powerful capabilities. Overly broad routing raises the attack surface because the skill may be selected for sensitive or destructive workflows by default.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The instructions direct the agent to unpack, edit, and repack documents without an explicit warning that these actions modify files and create new outputs. In a document-processing context, silent mutation is risky because users may expect analysis-only behavior while the skill performs irreversible or hard-to-review transformations.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
Required dependencies (install if not available):

- **pandoc**: `sudo apt-get install pandoc` (for text extraction)
- **docx**: `npm install -g docx` (for creating new documents)
- **LibreOffice**: `sudo apt-get install libreoffice` (for PDF conversion)
- **Poppler**: `sudo apt-get install poppler-utils` (for pdftoppm to convert PDF to images)
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- **pandoc**: `sudo apt-get install pandoc` (for text extraction)
- **docx**: `npm install -g docx` (for creating new documents)
- **LibreOffice**: `sudo apt-get install libreoffice` (for PDF conversion)
- **Poppler**: `sudo apt-get install poppler-utils` (for pdftoppm to convert PDF to images)
- **defusedxml**: `pip install defusedxml` (for secure XML parsing)
Confidence
95% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
- **pandoc**: `sudo apt-get install pandoc` (for text extraction)
- **docx**: `npm install -g docx` (for creating new documents)
- **LibreOffice**: `sudo apt-get install libreoffice` (for PDF conversion)
- **Poppler**: `sudo apt-get install poppler-utils` (for pdftoppm to convert PDF to images)
- **defusedxml**: `pip install defusedxml` (for secure XML parsing)
Confidence
95% confidence
Finding
sudo

VirusTotal

64/64 vendors flagged this skill as clean.
