Document Handler

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: extract and convert user-chosen document files without hidden networking, credential access, persistence, or destructive behavior.

Install this only if you want agents to process local documents. Use it on files you intentionally provide, avoid sensitive documents unless you are comfortable with extracted text and metadata entering the agent context, and choose output paths carefully because conversions may create or overwrite files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger description is very broad: it activates on generic mentions of document files, paths, or requests to read/convert documents. In an agent setting, overbroad routing can cause the skill to engage in many ordinary conversations and increase the chance that file-processing commands are suggested or invoked on unintended inputs, including sensitive local files. The context makes this more concerning because the skill is designed to operate on real file paths and document conversions.

Missing User Warnings

Low
Confidence: 74%
Finding
The documented commands create output files (for example output.txt, output_prefix, and converted files) without warning about filesystem side effects or possible overwrites. While not directly malicious, this can lead to accidental data loss, clutter, or writing files into unintended locations when an agent or user follows the examples verbatim. The risk is somewhat limited because the examples use explicit output names, but the skill context still involves local file manipulation.

VirusTotal

63/63 vendors flagged this skill as clean.
