Paper Polishing and Revision End-to-End SOP (论文润色修改全流程SOP)

Security checks across malware telemetry and agentic risk

Overview

The skill fits its paper-revision purpose, but its generated reports use an undeclared remote chart script and may present hard-coded generic advice as document-specific analysis.

Install only if you are comfortable with a local tool reading your manuscript and writing derivative report files. For confidential or unpublished work, remove or bundle the remote Chart.js dependency before opening the HTML report, choose a private output folder, and manually verify any rewrite examples or journal-fit advice because some report sections are generic or hard-coded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The generated HTML pulls Chart.js from a public CDN, which introduces an external network dependency into a tool described as a local paper-analysis workflow. Opening the report can leak usage metadata and creates a supply-chain risk if the CDN asset is unavailable, tampered with, or blocked.

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The script claims to generate a report from the supplied paper, but this section hard-codes rewrite examples for specific paragraph indices and fixed content. That can produce fabricated analysis and recommendations unrelated to the user’s document, which is dangerous in a paper-revision skill because users may trust and act on inaccurate guidance as if it were document-specific.

Description-Behavior Mismatch

Medium (97% confidence)
Finding
This block emits a fixed reduction roadmap and journal-fit checklist items that are not derived from the analyzed paper. In context, the skill is marketed as a professional end-to-end revision SOP, so presenting preset advice as analysis can mislead users, causing incorrect edits, false confidence, or unsuitable submission decisions.

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases are very broad, such as generic requests to 'modify this paper' or 'help me see if this paper can pass,' so the skill can activate unexpectedly on ordinary writing-assistance requests. Overbroad activation increases the chance of the skill performing document analysis, invoking subskills, or proposing file operations when the user did not intend this specialized workflow.

Missing User Warnings

Medium (95% confidence)
Finding
The skill describes modifying user documents, preserving formatting with python-docx, and generating new .docx and .html artifacts, but it does not explicitly warn the user that files will be changed or created. Without an upfront notice and confirmation step, users may be surprised by file writes, artifact generation, or processing of sensitive manuscript content.

Missing User Warnings

Low (87% confidence)
Finding
The script writes an HTML report containing extracted paper text and analysis to disk without explicit warning, which can expose sensitive unpublished manuscript content, reviewer comments, or proprietary research if stored in shared directories or synced locations. In this skill context, the analyzed input is likely confidential academic material, so silent persistence increases data-leakage risk.

VirusTotal

VirusTotal findings are pending for this skill version.