word-document-organizer

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to organize Word documents locally, but it needs review because it can overwrite user files and automatically install a Python package despite claiming no network or system-management access is needed.

Review before installing. Use this only on copies of documents or specify an explicit output_path, and do not allow the dependency install step unless you are comfortable with pip modifying the Python environment. There is no artifact-backed evidence of malware or data theft, but the overwrite default and under-disclosed package installation should be fixed or clearly confirmed by the user.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium, 94% confidence
Finding
The skill claims failures will not damage the original file, but the implementation defaults to saving back to the input path when no output_path is provided. That means a partial or unintended overwrite can alter the source document, and the safety claim is materially misleading for a document-editing tool handling user data.

Intent-Code Divergence

High, 98% confidence
Finding
The documentation states no network or system-management privileges are needed, but the skill may execute `pip3 install python-docx`, which performs network access and modifies the local Python environment. This expands the trust boundary, can violate least-privilege expectations, and may introduce supply-chain risk from runtime package installation.

Context-Inappropriate Capability

Medium, 89% confidence
Finding
A local Word-formatting skill does not need to dynamically install software during execution, so bundling `pip install` exceeds the minimum capability required for its purpose. Even if intended for convenience, it creates unnecessary code-execution, environment-modification, and dependency-fetching exposure in response to a document task.

VirusTotal

64/64 vendors flagged this skill as clean.
