ClawHub

Itinerary DOCX Template

Security checks across malware telemetry and agentic risk

Overview

The skill is a local itinerary DOCX generator, but it can silently remove tables and contract-related sections despite saying template terms stay unchanged.

Review carefully before installing. Use only on copies of templates, pass --keep-contract when legal terms, pricing tables, or standards must be preserved, and manually inspect generated documents before sending them to clients or relying on them for contracts or compliance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
This is a true security-relevant integrity issue because the skill claims to preserve the original template and replace only matched itinerary sections, but the described behavior can delete tables, strip contract/agreement sections, and generate entirely new content beyond the supplied itinerary. In a travel-agency or document-automation context, that can silently alter legal, pricing, or compliance content in generated customer documents, creating fraud, misrepresentation, or contractual risk.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The function unconditionally removes all tables and any paragraphs after broad contract-related anchors, which goes beyond simply replacing itinerary text. In this skill's context, users are explicitly relying on preservation of the original DOCX styling and terms, so this behavior can silently delete contractual, pricing, or compliance content from the template and produce misleading documents.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The CLI defaults to itinerary_only=True, meaning contract content is stripped unless the caller knows to pass --keep-contract. That default conflicts with the skill description to keep original template styling/terms, creating a high risk of silent document tampering or omission of legally important sections in generated itineraries.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script opens a user-supplied template, modifies many paragraph ranges, may delete tables/contracts, and saves the output without any validation or confirmation that the changes match user intent. In a document-generation skill handling tourism itineraries, this is risky because the output may be treated as customer-facing or quasi-contractual, so silent destructive edits can propagate incorrect or noncompliant content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal