Contract Document Transcription Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a local contract-to-Word generator, but it should be reviewed because it can pick the wrong Desktop file and generate authoritative-looking output with hard-coded or incomplete contract details.

Install only after reviewing the behavior. Run it on a copy of the intended contract, confirm the exact input file and output path, and manually verify contract number, parties, requirements, and generated diagrams before relying on the Word document. The author should remove hard-coded contract data, require explicit file paths, disclose and pin dependencies, and make the implementation match the stated workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and orchestrates local file reads, local file writes, and shell-capable automation, but does not declare permissions or clearly constrain those capabilities. This is dangerous because an agent or user may authorize the skill without understanding it can access desktop files and invoke external tooling, increasing the chance of unintended data exposure or local system side effects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill description promises contract-driven document conversion, architecture generation, and six prototype images, but the reported behavior instead relies largely on filename-derived values, template content, and external screenshot commands. This mismatch is security-relevant because users may provide sensitive contracts under the assumption of bounded processing, while the actual implementation uses undeclared tooling and produces misleading outputs that can hide data handling or execution risks.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs reading a contract from the user's desktop and writing a generated document back to the desktop without an explicit warning or consent flow for local file access and modification. In context, contracts commonly contain sensitive business data, so silent access to desktop files increases the risk of privacy violations, accidental overwrites, or processing of the wrong document.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill describes automated screenshot generation and execution of a script, including browser automation via Playwright, without warning the user that local script processing and external command execution will occur. This matters because automation tooling can fetch dependencies, launch browsers, consume system resources, and create files, all of which expand the attack surface beyond simple document transformation.

VirusTotal

66/66 vendors flagged this skill as clean.