Minimax Docx

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a DOCX generator, but it needs Review because ordinary commands can automatically download and run .NET installer scripts and modify the user’s home-level .NET installation without a clear consent step.

Install only if you are comfortable with this skill managing .NET on your machine. Prefer installing .NET 9 yourself before use, avoid running doctor/render/audit/map-apply on systems where ~/.dotnet contains important existing runtimes, and review any generated filler or template edits before relying on the output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
$execution = [scriptblock]::Create($installer.Content)
            & $execution -Channel {channel} -InstallDir '{target_dir}'
            """
            subprocess.run(
                ["powershell", "-Command", powershell_script],
                capture_output=True, text=True, timeout=300
            )
Confidence
98% confidence
Finding
subprocess.run( ["powershell", "-Command", powershell_script], capture_output=True, text=True, timeout=300 )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
target_dir = Path.home() / ".dotnet"

            installer_path = Path(tempfile.gettempdir()) / "dotnet-bootstrap.sh"
            subprocess.run(
                ["curl", "-sSL", installer_url, "-o", str(installer_path)],
                check=True, timeout=60
            )
Confidence
97% confidence
Finding
subprocess.run( ["curl", "-sSL", installer_url, "-o", str(installer_path)], check=True, timeout=60 )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
check=True, timeout=60
            )
            installer_path.chmod(0o755)
            subprocess.run(
                [str(installer_path), "--channel", channel, "--install-dir", str(target_dir)],
                check=True, timeout=300
            )
Confidence
97% confidence
Finding
subprocess.run( [str(installer_path), "--channel", channel, "--install-dir", str(target_dir)], check=True, timeout=300 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and instructs use of capabilities equivalent to shell execution, file read/write, and environment inspection, but does not declare any permissions or capability boundaries. This is dangerous because consumers and policy engines may treat the skill as lower risk than it is, while it can invoke external tooling and manipulate local files during document generation and validation workflows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is narrow—enterprise DOCX generation—but the described behavior is much broader, including auditing existing files, modifying templates, invoking subprocesses, browser automation, and even provisioning the .NET SDK via network downloads. This mismatch is dangerous because it hides materially different trust requirements and attack surface; a user expecting offline document creation may unknowingly authorize command execution, downloads, file modification, and external tool invocation.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill advertises document generation but also includes automatic runtime acquisition and installation, which significantly exceeds the minimal capability needed for that function. Hidden or unexpected installation behavior is dangerous because it changes the host environment and introduces remote code execution and supply-chain risk during ordinary use.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code makes external requests to fetch installer scripts and then executes them, a capability far more sensitive than Word document generation. In this context, network retrieval of executable setup logic is unjustified and creates a high-risk supply-chain and host-compromise avenue.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
guarantee_dotnet() can trigger automatic installation or reinstallation of .NET with only status messages and no explicit consent checkpoint at the moment of execution. Silent or near-silent environment modification is risky because users invoking a document tool may not expect dependency downloads, filesystem changes, or remote script execution.

Ssd 4

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs the agent to generate supplementary or filler content when user-provided material is insufficient. In a document-generation skill, this can cause unauthorized fabrication in professional, legal, academic, or enterprise documents, undermining integrity and potentially introducing false statements presented as user-authorized content.

VirusTotal

63/63 vendors flagged this skill as clean.
