Yq Minimax Docx

Security checks across malware telemetry and agentic risk

Overview

This DOCX automation skill appears purpose-built rather than malicious, but it asks agents to invoke shell-based document tooling for very broad writing requests and has some under-scoped document-handling risks.

Review before installing. Use this skill only when you explicitly want Word/DOCX generation or DOCX transformation, not for every writing request. Run setup only if you are comfortable installing .NET and optional document tools, changing shell PATH configuration, and allowing NuGet restores. Treat templates from other people as untrusted because external relationships may be preserved in generated DOCX files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium (94% confidence)
This code copies all external relationships from template parts into the generated DOCX without validation or restriction. In OOXML, external relationships can point to remote resources or linked content, so a malicious template can cause the produced document to retain outbound references that trigger network access, leak metadata, or load attacker-controlled content when the document is opened.

Intent-Code Divergence

Medium (98% confidence)
`ResolveComment` accepts a `commentId` parameter but never uses it, instead selecting the first matching extensible comment element and marking it done. This can silently resolve the wrong comment, corrupting document review state and undermining integrity of comment workflows, especially in legal, report, or form-filling scenarios where comment status matters.

Vague Triggers

High (96% confidence)
The skill mandates use for broad everyday requests such as 'write a report' or any task implying a formal printable document, even when the user did not request DOCX generation. In an agentic system this can over-route ordinary writing tasks into a shell-capable skill, unnecessarily expanding access to local files, external tooling, and command execution.

Vague Triggers

Medium (90% confidence)
The trigger list includes generic terms such as 'document' and broad categories like reports, contracts, and formatting-related words without scope constraints. In context, this broad matching is risky because the skill also has shell-driven workflows, so accidental invocation can lead to unintended command execution and processing of sensitive files.

VirusTotal

65/65 vendors flagged this skill as clean.
