ClawHub

Google Docs from Markdown

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it converts a user-chosen Markdown file into a Google Doc, but users should notice the Google Drive upload and Pandoc download behavior.

Install only if you are comfortable running a local shell script that uses your existing gog Google login to upload the selected Markdown content to Google Drive. For lower risk, install Pandoc yourself from a trusted package manager before use, confirm which Google account gog is authenticated to, and avoid using the skill for files you do not intend to put in Google Docs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill clearly instructs users to run shell commands and a helper script, but it does not declare corresponding permissions or capabilities. This creates a transparency and policy problem: users and hosting systems may not realize the skill executes local commands, downloads binaries, and uploads files, increasing the chance of unintended code execution or misuse.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script silently downloads and installs an executable from GitHub at runtime into /tmp, which expands its behavior beyond simple Markdown-to-Google-Docs conversion and introduces a supply-chain risk. Because the downloaded archive is not integrity-checked or signature-verified, a compromised release, MITM in a misconfigured environment, or local tampering in /tmp could lead to execution of attacker-controlled code.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Fetching an external executable from GitHub during execution is not necessary to safely process local Markdown and creates an avoidable trust boundary crossing. The script immediately relies on that downloaded binary without authenticity validation, making the host susceptible to arbitrary code execution if the artifact or download path is subverted.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill omits a prominent warning that document contents are uploaded to Google Drive and converted into Google Docs, which may expose sensitive data to third-party cloud storage. Users may paste confidential markdown assuming a local conversion workflow, leading to inadvertent data disclosure or compliance violations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script uploads the converted document to Google Drive, which necessarily transmits user content off-host, but it does so without an explicit consent or warning step at execution time. In a skill that may be used on sensitive Markdown files, this can lead to unintended disclosure if the user assumes the operation is purely local conversion.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal