Google Docs

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Docs integration with normal document read/write powers and a documented Sheets chart helper, not hidden or deceptive behavior.

Install this only if you are comfortable connecting an OOMOL account that can read and modify Google Docs. Be aware it can also read Google Sheets chart metadata for embedding workflows. Review payloads before edits, and require explicit approval before delete actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Medium (94% confidence)
Finding
The skill is presented as Google Docs-only, but it exposes `list_spreadsheet_charts`, which reaches into Google Sheets data. That broadens the accessible surface beyond the stated purpose and can enable unintended cross-service data access if the agent or user assumes the skill is limited to Docs.

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The action documentation is inconsistent with the skill's stated purpose: a skill presented as the handler for ANY Google Docs request also exposes Google Sheets chart-listing behavior. This can misroute agents into invoking broader cross-product capabilities than intended, increasing the chance of overbroad data access, incorrect tool selection, and accidental disclosure of spreadsheet metadata in contexts where only Docs operations were expected.

Vague Triggers

Medium (91% confidence)
Finding
The description says to use this skill for ANY Google Docs request and instead of calling the API directly, which is overly broad routing guidance. This can cause the agent to invoke the skill in situations where a narrower or read-only mechanism would be safer, increasing the chance of unintended data modification or over-privileged access.

VirusTotal

64/64 vendors flagged this skill as clean.
