Word Document Creator

Security checks across malware telemetry and agentic risk

Overview

The skill mainly creates Word documents, but it includes unrelated memory/database persistence references without clear user control or data limits.

Review before installing. Use only with non-sensitive documents unless the mem9 persistence references are removed or clearly made opt-in with documented data scope, retention, and deletion controls. Verify output paths carefully to avoid overwriting existing Word files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The documentation explicitly includes `os.system('chcp 65001 > nul')`, which introduces shell-command execution into a skill whose stated purpose is only Word document creation. Even though the shown command is fixed and appears intended for encoding setup, normalizing shell execution in a document-generation skill expands the attack surface and can become dangerous if later parameterized or copied into implementation without strict controls.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill documentation references storing 'successful experience' in a mem9 database, which is unrelated to the core function of creating Word documents. Adding persistence to a document-generation skill creates unnecessary data retention and cross-task data exposure risk, especially if titles, content, file paths, or user-derived outputs are stored without consent or minimization.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The manifest for a local Word document creation skill contains unrelated backup/service metadata, including a storage identifier and tenant identifier. Even if these are not active secrets, exposing internal service references and API behavior leaks operational context that can aid enumeration, targeting of external systems, or accidental cross-system data exposure.

Ssd 3

Medium
Confidence: 97%
Finding
Instructing the skill to store prior execution details in a memory database creates a real data retention risk because document-generation tasks often handle sensitive user content, titles, and output locations. Persisting such information in natural-language memory can leak confidential business data across sessions, users, or downstream tools if access controls and retention boundaries are weak or undocumented.

VirusTotal

66/66 vendors flagged this skill as clean.
