Ingest Paper

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it claims, but it handles private documents with broad Gitea administrator credentials and external storage, so it needs review before installation.

Install only if you trust the publisher and the configured Gitea/Feishu environment. Use HTTPS, avoid a full site-admin token if a narrower token can work, confirm that uploaded PDFs may be stored in Gitea and that metadata may be synced to Feishu, and pin or review dependency versions before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill instructs use of Gitea credentials from a local .env and optionally syncs data to Feishu using user-linked tokens, but it does not require an explicit user-facing notice that uploaded papers, extracted text, summaries, and metadata will be transmitted to external systems. This can cause unintended data disclosure, especially for uploaded private PDFs or sensitive research materials, because users may think they are only asking for local analysis rather than repository storage and third-party synchronization.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
python-dotenv>=1.0
pymupdf>=1.24
Confidence
95% confidence
Finding
requests>=2.28

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
python-dotenv>=1.0
pymupdf>=1.24
Confidence
95% confidence
Finding
python-dotenv>=1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
python-dotenv>=1.0
pymupdf>=1.24
Confidence
95% confidence
Finding
pymupdf>=1.24

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
72% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pymupdf — 1 advisory(ies): CVE-2026-3029 (PyMuPDF has a path traversal in _main_.py)

Low
Category
Supply Chain
Confidence
74% confidence
Finding
pymupdf

VirusTotal

65/65 vendors flagged this skill as clean.
