ClawHub

Auto Paper Writer

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but its cleanup step can delete unrelated files from a user’s Desktop.

Install only after removing or rewriting the cleanup step. It should delete only exact files created by the current run inside a dedicated project or temporary folder, after user confirmation. Also review the hard-coded Windows paths before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The cleanup step deletes files using wildcard patterns across the entire Desktop rather than only within the paper-specific working directory. This can destroy unrelated user files such as PowerShell scripts, Python scripts, or presentation files, causing data loss well beyond the skill's stated scope.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill says outputs are contained in `C:\Users\29064\Desktop\[论文名字]\`, but the cleanup commands operate on the whole Desktop. This mismatch makes the workflow more dangerous because users may reasonably expect only the project folder to be touched while unrelated files are actually deleted.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Trigger phrases such as '自动写论文' and '生成论文' are broad and likely to overlap with ordinary user requests, increasing the chance of accidental activation. In this skill, unintended activation is more dangerous because the workflow includes network downloads, local file writes, compilation, and cleanup actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is designed to create directories, save PDFs, generate images, and compile output onto the user's Desktop, but it does not present a clear upfront warning or consent mechanism for these filesystem changes. Because the workflow performs multiple side effects automatically, lack of notice increases the risk of surprising and unwanted modifications to the user's machine.

Missing User Warnings

High
Confidence
99% confidence
Finding
The cleanup commands perform destructive deletion of Desktop files without any confirmation, preview, or safety bounds. This is especially dangerous because the wildcards target common file types and could irreversibly remove unrelated user work after a normal skill run.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal