ClawHub

Output Forge

Security checks across malware telemetry and agentic risk

Overview

OutputForge is a local text-formatting skill, but users should review outputs because its default cleanup can remove AI-origin and limitation statements.

Use this for local formatting of text you control. Review output before publishing, and disable cleanup with --no-clean when AI-origin, uncertainty, browsing limits, training cutoffs, or other caveats are relevant or required by policy, academic rules, workplace rules, or law. Do not paste generated HTML or LaTeX from untrusted input into sensitive systems without inspection or sanitization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The README explicitly promotes removing AI-origin disclosures and other provenance-related statements automatically, without user consent, contextual checks, or policy caveats. This can facilitate deceptive presentation of AI-generated content as human-authored and may cause users to violate platform, academic, workplace, or legal disclosure requirements.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The function intentionally strips phrases such as capability limitations, disclaimers, and uncertainty markers from arbitrary text without preserving context or warning callers. In a skill whose purpose is to rewrite model output, this can misrepresent safety boundaries or capabilities (for example, removing statements about lack of real-time access or personal opinions), which may lead downstream users to trust altered content more than they should.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal