Security audit

Docx Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a local Word document extraction toolkit with ordinary privacy and data-handling cautions, not evidence of hidden or malicious behavior.

Install dependencies in a virtual environment, use explicit output directories, avoid in-place resizing unless intended, and treat extracted text, images, and optional context manifests as sensitive if the original document is sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 81%
Finding
The docstring claims omission of output_dir overwrites files in place, but PNG handling can instead create a new .jpg path while leaving the original PNG present. This mismatch can cause unexpected file proliferation, stale/original sensitive images remaining on disk, and incorrect operator assumptions about what data was transformed or removed.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding
The script writes extracted images plus a JSON manifest containing surrounding paragraph text, section names, and inferred sensitive categories to disk without any warning, minimization, or protection. In the context of a DOC/DOCX extraction skill, this increases the chance of unintentionally persisting sensitive document content and metadata where other local users, logs, backups, or downstream tools may access it.

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding
Allowing in-place modification by default when output_dir is omitted can destroy originals or alter evidentiary/source data without an adequate warning or safety interlock. In a document-processing context, extracted images may be important artifacts, so accidental irreversible modification can lead to data loss, integrity issues, and operator confusion.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrase at line 11 is broad enough to match many ordinary document-related requests, which can cause this skill to activate when a user did not specifically intend to use a Word extraction tool. In an agent ecosystem, unintended activation can expose document contents to the wrong skill, cause surprising behavior, and increase the chance of processing sensitive files without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The trigger phrase at line 8 is too generic and may overlap with many common user requests about documents, increasing the likelihood of accidental invocation. Because this skill extracts content from uploaded Word files, unintended routing could lead to unnecessary access to document text, tables, or images and create privacy or data-handling risks.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.