TextRazor

Security checks across malware telemetry and agentic risk

Overview

This TextRazor skill is not malware, but its short description understates that it can manage or delete TextRazor resources and send user text to an external service.

Review before installing if you only wanted read-only TextRazor access. Use it only with a TextRazor/OOMOL account you are comfortable connecting, avoid sending secrets or sensitive documents for analysis, and require explicit confirmation before any classifier or dictionary create/update/delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest description presents the skill as suitable for 'searching and reading data', but the body exposes administrative actions that can create, update, and delete TextRazor resources. This mismatch can cause an agent or user to invoke a state-changing skill under the false assumption that it is read-only, increasing the chance of unintended modification or deletion.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The top-level description implies read-oriented TextRazor usage, while the documentation later provides direct instructions for create/update/delete operations. In agent settings, this kind of capability understatement is dangerous because action selection often relies heavily on manifest text, so the skill may be chosen in contexts where only non-mutating access was expected.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger text says to use this skill for ANY TextRazor request, which is overly broad and can cause the skill to be selected for unrelated or higher-risk tasks without sufficient user intent validation. Because the skill includes both benign reads and state-changing management functions, broad routing language increases the risk of unintended execution paths.

Missing User Warnings

Medium
Confidence: 90%
Finding
This skill directs users to send arbitrary text to the external TextRazor service but does not disclose that potentially sensitive user content will leave the local environment and be processed by a third party. In an agent setting, this creates a real privacy and data-handling risk because prompts, documents, or secrets may be transmitted without informed user consent or data minimization.

VirusTotal

64/64 vendors flagged this skill as clean.
