large-document-reader

Security checks across malware telemetry and agentic risk

Overview

This document-processing skill has a reasonable stated purpose, but its bundled scripts are hard-coded to read and write specific local paths instead of user-selected files and output locations.

Review before installing or running the bundled scripts. The high-level workflow is plausible, but the scripts should be changed to accept an explicit input file and output directory, stay within a user-approved workspace, check before overwriting, and clearly disclose that generated summaries and indexes may retain sensitive document content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill explicitly describes reading input documents and writing multiple files to disk, but it declares no permissions. That mismatch can bypass user expectations and platform controls, especially because the workflow creates directories and files automatically. In a skill that processes arbitrary user-supplied content, undeclared filesystem access is a real security and transparency issue.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The script is hard-coded to read from a specific user's Desktop path and write into a fixed workspace path under that user's home directory. This creates unsafe file-system access assumptions, can expose local sensitive documents unintentionally, and may overwrite files or leak extracted content when run in another environment.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill instructs the agent to save chapter files into a local directory without explicitly warning the user that filesystem modifications will occur. Silent file creation can overwrite existing content, leak sensitive document material into persistent storage, or leave artifacts in shared environments. Because the skill is designed to process long, potentially sensitive documents, the persistence risk is heightened.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill also writes structured summaries and a master index to disk but does not clearly disclose that persistent artifacts will be created. These files may contain condensed sensitive content and metadata, making them easier to exfiltrate or discover later than the original large document. In a research/document-processing skill, users may reasonably expect analysis, but not undisclosed persistent storage across multiple output files.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding:
The script writes extracted chapter data to a fixed JSON path automatically, without confirmation or ensuring the target is safe and intended. While the data appears to be derived from the input document, silent writes can still cause unintended disclosure of sensitive content or overwrite an existing file in the workspace.

VirusTotal

64/64 vendors flagged this skill as clean.