Latex Studio

Security checks across malware telemetry and agentic risk

Overview

This is a simple LaTeX document template skill with no evidence of hidden code, credential access, persistence, or external data sharing.

Install this if you want help drafting LaTeX papers or reports. Review generated content for accuracy, citations, formatting requirements, and language needs; the skill is biased toward English output and may need explicit instructions for other languages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are broad enough to match common, non-specialized requests such as 'write a paper' or 'create a LaTeX document,' which can cause the skill to activate when the user did not explicitly request it. In an agent environment, this can lead to inappropriate routing, unexpected content generation, and reduced user control over which skill handles the request.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The English-only preference constrains output behavior without user choice, which can cause the agent to ignore or override the user's language needs. While not a direct security exploit, it is a policy and safety concern because it can reduce transparency, mishandle multilingual requests, and create unexpected behavior.

Natural-Language Policy Violations

Low
Confidence: 80%
Finding
Repeating the English-language constraint in the notes reinforces a hidden behavioral limitation that the user may not have chosen. This increases the chance of the skill consistently producing outputs in the wrong language or suppressing valid multilingual use cases.

VirusTotal

59/59 vendors flagged this skill as clean.
