ClawHub

Doc Miner

Security checks across malware telemetry and agentic risk

Overview

Doc Miner is a disclosed external document-analysis skill, with the main risk being that user-provided text or URLs are sent to AIProx.

Install only if you are comfortable sending the URLs, documents, or pasted text you provide to AIProx and its downstream analysis provider. Avoid submitting confidential, regulated, or internal-only material unless AIProx's terms, retention promises, and billing controls meet your needs; use a spend token with appropriate limits where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
## Make Request

```bash
curl -X POST https://aiprox.dev/api/orchestrate \
  -H "Content-Type: application/json" \
  -H "X-Spend-Token: $AIPROX_SPEND_TOKEN" \
  -d '{
Confidence
95% confidence
Finding
curl -X POST https://aiprox.dev/api/orchestrate \ -H "Content-Type: application/json" \ -H "X-Spend-Token: $AIPROX_SPEND_TOKEN" \ -d

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal