Generate a Word (.docx) document based on the content list provided by the user.

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims (it creates Word documents); the main caveat is that it may automatically install an unpinned Python dependency.

Install only if you are comfortable with the skill writing your provided content into local .docx files and potentially running pip to install python-docx. In sensitive or locked-down environments, pre-install a reviewed, pinned python-docx version and choose the output filename/location deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print(f"⚠️ 检测到缺少库 '{package_name}',正在自动安装...")
    try:
        # Use sys.executable to ensure installation into the currently running Python environment
        subprocess.check_call([sys.executable, "-m", "pip", "install", package_name])
        print(f"✅ 库 '{package_name}' 安装成功!")
    except subprocess.CalledProcessError:
        print(f"❌ 安装失败,请手动运行: pip install {package_name}")
Confidence
95% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", package_name])

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Auto-installing missing dependencies means the skill can modify the execution environment and retrieve code from outside the original artifact, which is a meaningful security boundary change. In an agent-skill context, this is more dangerous because users may expect simple file generation, not network-based package installation and environment mutation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script installs a package immediately upon import failure without obtaining explicit approval, so users may unknowingly permit code download and installation. This weakens transparency and consent, and in automated environments it can enable unreviewed third-party code execution paths.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger keywords are broad enough to match common, non-file-related requests such as generic reports, summaries, or multilingual terms for documents. This can cause the skill to activate unexpectedly and save user-provided content to a file without clear user intent, increasing the risk of unintended file creation and data handling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that it can automatically install python-docx and create .docx files, but it does not prominently warn that user content will be written to disk and that dependency installation may occur. This reduces informed consent and can lead to unexpected local changes, package installation, and persistence of potentially sensitive content.

VirusTotal

VirusTotal findings are pending for this skill version.
