ClawHub

doc-system-generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed documentation generator that reads a project and writes documentation, with no evidence of hidden data theft or destructive behavior.

Install this only when you want a full documentation-system pass over a repository. Run it on a clean branch, review the generated docs and copied md-sections.sh script before committing, and decline optional web research when working with private code or sensitive architecture details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow explicitly instructs the agent to copy `scripts/md-sections.sh` into the user's project during Phase 0, which is a file-system modification before any explicit confirmation step. Silent project modification is dangerous because it can alter repositories, introduce unreviewed executable content, and create supply-chain or trust-boundary issues if the script content is unexpected or later executed.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The file is entirely in Chinese and provides operational instructions without offering a language-selection mechanism or fallback. In an agent skill, this can cause users or downstream agents to misunderstand workflow requirements, confirmations, and decision points, which may lead to incorrect documentation generation or skipped user consent steps.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The file is entirely in Chinese and does not provide a language choice, fallback, or documented locale constraint. In a broadly triggered documentation-generation skill, this can cause users or downstream agents to misunderstand core operating philosophy, produce incorrect documentation structures, or fail open by relying on partial interpretation of the rules.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal