corporate-doc-builder

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate document-building skill, but it should be reviewed because its diagram rendering runs live npm code and disables Chromium sandboxing.

Install only if you are comfortable running local document-generation scripts in the target workspace. Prefer trusted Markdown and Mermaid input, run rendering in a low-privilege or isolated environment, pin or preinstall Mermaid CLI instead of relying on live `npx` resolution, avoid `--no-sandbox` where possible, and always write to a new `.docx` output path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs reading files, writing output documents, and invoking shell commands (`ls`, `cat`, Python, and `npx`), yet it declares no explicit permissions boundary. That mismatch is dangerous because an agent or runtime may grant broader implicit access than the user realizes, increasing the risk of unintended file access or modification during document processing.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill recommends disabling Chromium sandboxing via Puppeteer for Mermaid rendering using `--no-sandbox`. Running a browser engine without sandbox isolation increases the blast radius of any Mermaid/Chromium exploit or malicious input processed during rendering, which is especially risky when the skill handles untrusted source materials.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script executes `npx -y @mermaid-js/mermaid-cli`, which can fetch and run external package code at render time. In a skill intended for local document generation, this creates a supply-chain and remote-code-execution exposure beyond the core purpose, especially when processing untrusted content in automated environments.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The injection instructions describe copying a template, clearing body content after the TOC, and writing a final `.docx`, but they do not require an explicit warning or confirmation before modifying document data. In a document-building workflow, this can cause accidental loss or overwriting of template or draft content if paths are wrong or the operator misunderstands which file is being mutated.

VirusTotal

VirusTotal findings are pending for this skill version.