ClawHub

Word Docx Formatting Repair Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only helper for repairing Word DOCX formatting, with some broad activation wording but no hidden execution or data export behavior.

This skill is reasonable to install for DOCX formatting repair. Because it may activate on broad Word-related requests, be deliberate when using it with sensitive legal or business documents: provide only the file needed, keep an original backup, and review any repaired copy before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger sentences are broad enough to match ordinary user requests that are not clearly asking for this specific skill, which can cause unintended skill activation. In an agent system, overbroad routing can expose users to irrelevant or higher-privilege workflows, increasing the chance of misexecution or unsafe handling of documents.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are highly generic and include natural-language fragments that could match ordinary user requests unrelated to an intentional skill invocation. In an agent system, this increases the chance of accidental activation, causing the skill to process sensitive documents or take over workflow routing when the user did not explicitly request it.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation description is broad enough to match generic productivity, Microsoft Word, or document-support requests that are not actually about DOCX formatting repair. This can cause the agent to invoke the skill outside its intended scope, leading to irrelevant guidance, incorrect task routing, or accidental overshadowing of safer or more appropriate skills.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list contains common terms like 'docx', 'styles', and 'microsoft word' without constraints, so ordinary Word-related conversations may activate the skill even when formatting repair is not the user's goal. Overbroad triggers increase misrouting risk and can cause the agent to apply this workflow in contexts where different instructions or safeguards are needed.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill can be implicitly invoked with a very broad default prompt and only a generic description of when to use it, which increases the chance of over-triggering on loosely related document tasks. In practice, this can route user content into a specialized workflow without sufficiently clear user intent or boundaries, creating unnecessary exposure of document contents and increasing the chance of unintended modifications or analysis.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger sentences are broad, repetitive, and phrased as generic user requests rather than precise activation criteria, which increases the chance the skill will be invoked unintentionally for loosely related Word or DOCX tasks. In an agent system, overbroad activation can route sensitive business or legal documents into an unsuitable workflow, causing incorrect handling, privacy exposure through unnecessary file inspection, or automation mistakes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal