format-markdown-mkdocs

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Markdown formatting skill, with manageable cautions around npm setup and optional in-place edits.

Install only if you are comfortable letting the skill read and rewrite the Markdown files you point it at. Prefer the default formatted-copy workflow for important documents, review generated analysis files and backups for sensitive content, and use structural-fixes-only or --no-backup only when you intentionally want direct edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill metadata states that output goes to a new formatted file by default, but the workflow also offers an in-place mode that directly modifies the original file. This mismatch can mislead users or calling agents into assuming the operation is non-destructive, increasing the risk of unintended data loss or unauthorized alteration of source documents.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill instructs the agent to run `npm install` or `npm ci`, which executes package lifecycle scripts and pulls code from the dependency supply chain. For a markdown-formatting skill, this expands the trust boundary significantly and can lead to arbitrary code execution or environment compromise if dependencies are malicious or tampered with.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The script's default behavior sets the output path to the input path, so running it without --output overwrites the original file in place. This contradicts the skill description that promises a separate formatted output file, creating a material integrity risk and making accidental data loss more likely, especially in automation or agent workflows where users may trust the manifest.

VirusTotal

65/65 vendors flagged this skill as clean.
