
Security audit

document-parser

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local document parser; its main risk is that it reads and prints the full contents of documents the user points it at.

Safe to install if you intend to parse local documents. Use it only with files you deliberately select, avoid unnecessary confidential documents, prefer a virtual environment for dependencies, and remember that extracted text may appear in chat context or terminal output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly instructs the agent to read user-supplied local documents via a parser script, but the manifest does not declare corresponding permissions. Undeclared file-read capability weakens transparency and policy enforcement, making it easier for a skill to access uploaded or local files without an explicit trust signal to users or the platform.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This skill advertises full extraction of text, tables, and metadata from documents but gives no warning that documents may contain sensitive personal, financial, legal, or proprietary information. Users may not realize the entire file will be read and processed, increasing the risk of over-collection, unintended exposure in outputs/logs, or misuse of sensitive content.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
When run as a script, the program prints the full parsed document text directly to stdout. If documents contain sensitive data, this can expose contents through terminal history, logs, process supervision systems, or shared execution environments without any warning or consent boundary.

VirusTotal

66/66 vendors flagged this skill as clean.
