Document Visualization

Security checks across malware telemetry and agentic risk

Overview

This document-visualization skill mostly matches its stated purpose, but it needs review because it can automatically process sensitive documents, persist converted copies, and render unescaped document content in a browser.

Install only if you are comfortable reviewing the code and handling outputs manually. Avoid using it on untrusted or highly sensitive documents until HTML escaping, request blocking during export, narrower explicit invocation, dependency pinning, and clear output retention guidance are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (94% confidence)
Finding
The function renders a local HTML file in a full Chromium browser and waits for network idle, which allows the page to fetch remote resources or trigger outbound requests during export. If the HTML content is untrusted, this can leak data, enable SSRF-like internal network access from the host running the exporter, or produce nondeterministic outputs based on external content.

Vague Triggers

High (95% confidence)
Finding
The trigger conditions are extremely broad: any Feishu document link, any attachment, or any text containing data can auto-invoke the skill. In a chat-integrated environment, this creates a real risk of unintended processing of sensitive documents or links without sufficiently explicit user intent, which can expose private content and cause automatic local file generation.

Missing User Warnings

Medium (91% confidence)
Finding
The documentation does not clearly warn users that submitted documents and links will be parsed and exported into local files under a workspace directory. This is dangerous because users may share sensitive business or personal documents without understanding that the contents may be persisted as HTML, PDF, and image artifacts on disk.

Missing User Warnings

Medium (99% confidence)
Finding
The generator inserts user-controlled values such as title, meta fields, table cells, timeline events, SWOT items, and CSS class fragments directly into HTML without escaping or sanitization. If untrusted data reaches this function, an attacker can inject arbitrary HTML/JavaScript, leading to stored or reflected XSS in any browser that renders the generated page.

VirusTotal

66/66 vendors flagged this skill as clean.
