Document Sanitizer

Security checks across malware telemetry and agentic risk

Overview

This skill locally sanitizes and restores Office documents as advertised, but its reversible record and optional legacy conversion need careful handling.

Install only if you are comfortable with reversible sanitization. Keep `_sanitize_record.json` private because it can reveal the original sensitive text and filenames. Do not share it with sanitized outputs, and delete it when restoration is no longer needed. Use `--auto-convert` only after trusting the separate converter skill, and preferably on documents from trusted sources or in an isolated workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Description-Behavior Mismatch

Medium (81% confidence)
Finding
The skill advertised as a docx/xlsx sanitizer also performs legacy document conversion by invoking another skill, expanding its operational scope beyond straightforward sanitization. This creates hidden trust and attack-surface expansion: processing untrusted .doc/.xls files through external converters can execute complex parsers and helper code the user did not reasonably expect from this skill.

Context-Inappropriate Capability

Medium (85% confidence)
Finding
Launching external conversion scripts is a meaningful capability increase for a sanitization tool because it delegates execution to other code and parsers outside the core sanitization logic. In the context of user-supplied office files, this broadens the attack surface to include the security posture of those helper scripts and their libraries, making compromise or unexpected behavior more plausible if the converter skill is tampered with or vulnerable.

Intent-Code Divergence

Medium (78% confidence)
Finding
The code and messaging state that only docx/xlsx are supported, but the workflow can automatically convert and then process .doc/.xls files. This mismatch is dangerous primarily because it undermines user consent and review: operators may trust the documented narrower scope while the code actually handles additional, riskier legacy formats through external tooling.

Missing User Warnings

Medium (96% confidence)
Finding
The skill prominently advertises reversible sanitization via a unified record, but does not clearly warn in the main description that `_sanitize_record.json` stores original sensitive values and filenames. That record becomes a concentrated secret store: if exposed, copied, or mishandled, it can fully undo the redaction and leak all underlying sensitive data.

Missing User Warnings

Low (83% confidence)
Finding
The documentation states that `--auto-convert` performs legacy `.doc/.xls` conversion without confirmation, which may invoke external tooling such as Word COM automation or additional parsers. Launching external conversion components without a clear warning increases the chance of unexpected code execution paths, macro/parser exposure, or unsafe handling of untrusted legacy files.

VirusTotal

65/65 vendors flagged this skill as clean.
