Office To Md V2

Security checks across malware telemetry and agentic risk

Overview

This document-conversion skill is mostly purpose-aligned, but it automatically installs Python packages and uses raw shell commands on user-controlled file paths.

Install only if you are comfortable with a converter that can run shell commands and modify the Python environment. Use it on trusted files or safely named paths, avoid confidential documents unless you control logs and output locations, and consider removing the automatic pip install and replacing shell strings with argument-array execution before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Low
Confidence: 95%
Finding
The skill description does not clearly warn that conversion creates a new .md file next to the source document, which can cause unintended data persistence in sensitive directories. In security-sensitive workflows, silent file creation can expose extracted content to backup systems, sync tools, other users, or later automated processing.

Missing User Warnings

Low
Confidence: 98%
Finding
The examples show reading converted documents, printing previews, substrings, and analysis results without any privacy warning, encouraging users to expose potentially sensitive document contents in logs or console output. Because this skill processes office documents that often contain confidential data, these examples increase the chance of accidental disclosure through terminal history, observability pipelines, shared logs, or screenshots.

Missing User Warnings

Medium
Confidence: 89%
Finding
The function returns the full converted document content in `markdown` and a `preview` string directly to the caller, which can expose sensitive contents from uploaded or local Office/PDF files to whatever agent, toolchain, logs, or downstream consumer invokes this skill. In an agent-skill context, this is more dangerous because skills are often composed with other tools and may surface outputs to models, chat transcripts, or telemetry without clear user awareness or data-minimization controls.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code automatically runs `pip3 install python-pptx` at runtime when the module is missing, causing an unprompted network/package-management side effect on the host. This is dangerous because it modifies the execution environment without user consent, may pull unpinned third-party code from an external repository, and can fail unpredictably or introduce supply-chain risk in environments where this converter processes untrusted files.

VirusTotal

66/66 vendors flagged this skill as clean.
