Upstage Information Extraction

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Upstage document-extraction helper, but extracted results can contain sensitive data and are saved locally by default.

Install only if you are comfortable sending the target documents to Upstage and storing extracted JSON locally. Keep UPSTAGE_API_KEY in an environment variable, choose a protected output path for sensitive results, and delete temp extraction files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill documentation adds default local file-writing behavior and user-controlled output paths even though the manifest describes an API-based extraction capability, not filesystem modification. This broadens the skill's effective permissions and can cause sensitive extracted document contents to be written to disk unexpectedly, creating data exposure and persistence risks.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Allowing the user to override the output path gives the skill an arbitrary local file write primitive unrelated to its stated purpose of information extraction. If honored by an agent, this could overwrite application files, place sensitive data in unsafe locations, or be abused for privilege-boundary violations depending on the runtime environment.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation states that extracted JSON is written to disk by default but does not prominently warn that potentially sensitive document contents will persist locally. This can surprise users and operators, especially for invoices, receipts, and trade documents that often contain financial or personal data.

VirusTotal

63/63 vendors flagged this skill as clean.