agentic-doc-parse-and-extract

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the promised cloud document extraction, but it needs Review because it can run unverified install scripts and send sensitive documents to a third-party service with limited guardrails.

Review before installing. Prefer the npm package or a pinned, verified release, and avoid the curl-to-bash or downloaded PowerShell installers unless you inspect and trust the script. Only send documents that your organization permits to be processed by Laiye ADP public cloud, especially IDs, HR files, invoices, receipts, and financial records. Use a limited API key, avoid putting secrets directly on command lines, and require explicit approval before deleting apps, clearing config, or batch-processing local folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The examples include installing and executing general-purpose bootstrap scripts from the internet, which extends beyond the core document parsing functionality and introduces arbitrary code execution risk on the host. In agent contexts, installation snippets are often copied verbatim, so bundling remote execution steps in product docs materially increases the chance of unsafe execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installation instructions recommend that users pipe a remotely fetched shell script directly into bash, which means the script's contents run on the local machine without any manual review, validation, or integrity verification. If the upstream repository, release process, network path, or script contents are tampered with, the user could immediately suffer arbitrary command execution, credential theft, or persistent control of the host.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This PowerShell installation method first downloads a script from a remote address and then executes it locally right away, likewise lacking any authenticity, integrity, or provenance checks. For Windows users this turns remote content directly into a code-execution entry point; if the script or its distribution source is replaced, it can lead to system-level malicious operations, data theft, or lateral movement.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to pipe a remotely fetched shell script directly into bash, which executes unreviewed code from the network immediately. If the GitHub source, repository, branch, or delivery path is compromised, users could suffer arbitrary code execution on their machines with the privileges of the invoking user.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The PowerShell command downloads a remote script and immediately executes it without integrity verification or an opportunity for user inspection. This creates a direct remote code execution path if the hosted script or distribution channel is altered maliciously.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs agents to upload local files, URLs, and document contents to Laiye's remote ADP service, but it does not prominently require explicit user consent or warn that sensitive business and identity documents will leave the local environment. Because the documented use cases include invoices, receipts, HR records, and Chinese identity/credential documents, this creates a real privacy and data-handling risk if an agent sends confidential material to a third-party service without informed approval.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documentation encourages uploading local files, remote URLs, and base64 document contents for parsing without clearly warning that these operations transmit potentially sensitive documents to an external service. In a skill focused on invoices, receipts, HR, and identity documents, omission of privacy and data-handling warnings increases the risk of accidental exfiltration of highly sensitive personal or financial data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The config commands describe setting and retrieving API keys and base URLs without any warning that credentials are sensitive secrets that must not be exposed in logs, screenshots, shell history, or shared environments. In agent-driven workflows, this can lead users or downstream automation to mishandle credentials and unintentionally disclose them.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Piping curl output directly to bash executes whatever the remote server returns without giving the user or agent an opportunity to inspect it first. If the upstream repository, CDN, DNS, or network path is compromised, this becomes immediate arbitrary code execution on the machine running the command.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The PowerShell example downloads a remote script and immediately executes it, which has the same arbitrary code execution risk as shell piping patterns. Because this is presented as a normal installation path without a strong warning, users and agents may run it automatically and trust remote code they have not validated.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The API key examples encourage passing credentials directly on the command line, which can expose secrets via shell history, process listings, terminal logs, CI logs, or persisted CLI config. This is especially risky for agent-driven workflows where commands may be recorded or echoed automatically.

External Script Fetching

Low
Category
Supply Chain
Content
npm install -g @laiye-adp/agentic-doc-parse-and-extract-cli --registry=https://registry.npmmirror.com/ || npm install -g @laiye-adp/agentic-doc-parse-and-extract-cli

# Method 2: Shell script (Linux / macOS, if npm is not available)
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

# Method 3: PowerShell script (Windows, if npm is not available)
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.ps1" -OutFile "$env:TEMP\adp-init.ps1"; & "$env:TEMP\adp-init.ps1"
Confidence
95% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
npm install -g @laiye-adp/agentic-doc-parse-and-extract-cli --registry=https://registry.npmmirror.com/ || npm install -g @laiye-adp/agentic-doc-parse-and-extract-cli

# Method 2: Shell script (Linux / macOS, if npm is not available)
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

# Method 3: PowerShell script (Windows, if npm is not available)
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.ps1" -OutFile "$env:TEMP\adp-init.ps1"; & "$env:TEMP\adp-init.ps1"
Confidence
99% confidence
Finding
| bash

VirusTotal

65/65 vendors flagged this skill as clean.
