中文公文写作技能 (Chinese Official-Document Writing Skill)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese official-document generator, but its optional font installer can make persistent local font changes.

Install if you need Chinese official-document .docx generation. Run the font installer only after reviewing it and confirming you are allowed to copy or install those fonts on the machine; on managed systems, prefer manual user-scoped font installation. Do not use real confidential official content unless your organization permits this local workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
This script installs fonts into host OS font directories and, on Windows, writes to the system font registry under HKLM, which requires elevated privileges and changes global system state. For a document-generation skill, modifying the host environment is broader than necessary and creates an unnecessary trust and attack surface if the script is run in sensitive environments.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The script scans host font directories and copies matching font files into the skill's own `fonts` directory, effectively collecting local system resources into the package workspace. In this skill context, that behavior is not strictly required for generating documents and can unintentionally exfiltrate licensed or locally installed fonts into places that may later be bundled, synced, or exposed.
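The two findings above both come down to an installer touching host state a document generator does not need: writing into system font directories or the HKLM font registry, and pulling host fonts into the package's own `fonts` directory. The review the Overview asks for ("run the font installer only after reviewing it") can be partly automated. The following is an added example, not code from SkillSpector or from the skill: a static pre-run check that flags those behaviours line by line. The directory list, the regexes, the finding names and `SAMPLE_INSTALLER` are all assumptions constructed for the example.

```python
"""Pre-run static check for a skill's font installer (added example, not the skill's code)."""
import re
from dataclasses import dataclass

# Host font locations (assumed list; extend per OS).
SYSTEM_DIR = re.compile(
    r"/usr/share/fonts|/usr/local/share/fonts|/Library/Fonts|C:\\+Windows\\+Fonts", re.I)
# Verbs that move or write files: Python shutil, POSIX cp/mv, PowerShell, open(..., "w").
WRITE_VERB = re.compile(
    r"shutil\.(copy2?|copyfile|move)|\bcp\b|\bmv\b|Copy-Item|Move-Item|open\([^)]*['\"]w", re.I)
# Windows system font registry; writing there needs an elevated token.
HKLM_FONTS = re.compile(r"(HKEY_LOCAL_MACHINE|\bHKLM\b).*Fonts", re.I)
FONT_GLOB = re.compile(r"\*\.(ttf|otf|ttc)\b", re.I)
# A bare relative "fonts/" destination, i.e. the skill's own package directory.
PACKAGE_DEST = re.compile(r"""['"]fonts[/\\]*['"]""")
PRIV = re.compile(r"\bsudo\b|\brunas\b|-Verb\s+RunAs", re.I)


@dataclass
class Finding:
    line: int
    kind: str
    text: str


def audit_installer(script: str) -> list:
    """Return one Finding per (line, behaviour) that touches host state or harvests host fonts."""
    findings = []
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sysdir, write = SYSTEM_DIR.search(line), WRITE_VERB.search(line)
        if sysdir and write:                      # install into host font dir
            findings.append(Finding(n, "system_font_write", line))
        if sysdir and FONT_GLOB.search(line):     # enumerate host fonts
            findings.append(Finding(n, "host_font_enumeration", line))
        if write and PACKAGE_DEST.search(line):   # copy host files into the package
            findings.append(Finding(n, "copy_into_package", line))
        if HKLM_FONTS.search(line):               # global registry state
            findings.append(Finding(n, "hklm_font_registry", line))
        if PRIV.search(line):                     # asks for elevation
            findings.append(Finding(n, "privilege_escalation", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. for a gate that blocks agent execution."""
    out = {}
    for f in findings:
        out[f.kind] = out.get(f.kind, 0) + 1
    return out


def needs_review(findings) -> bool:
    """True when the script does anything a document generator should not need."""
    return bool(findings)


# Constructed sample installer exhibiting the behaviours the findings describe.
SAMPLE_INSTALLER = r"""import shutil, glob, os, winreg
for f in glob.glob('/usr/share/fonts/**/*.ttf', recursive=True):
    shutil.copy(f, 'fonts/')  # pull host fonts into the skill
shutil.copy('fonts/SimSun.ttf', 'C:\\Windows\\Fonts\\SimSun.ttf')
winreg.SetValueEx(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts', 0, winreg.KEY_WRITE), 'SimSun (TrueType)', 0, winreg.REG_SZ, 'SimSun.ttf')
os.system('sudo fc-cache -f')
print('done')
"""

if __name__ == "__main__":
    for f in audit_installer(SAMPLE_INSTALLER):
        print(f"line {f.line}: {f.kind}: {f.text}")
    print("needs review:", needs_review(audit_installer(SAMPLE_INSTALLER)))
```

A clean generator that only writes its own `.docx` output produces no findings; any hit is a reason to read the script by hand before running it, and to prefer a user-scoped font install over the system-wide one the sample performs.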

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README instructs users to run an installation script that copies fonts into system font directories and implies automatic installation, but it does not clearly warn about system modification, privilege requirements, or the risks of executing a script that changes OS font state. In an agent skill context, this is dangerous because users may run the script with elevated privileges based solely on the documentation, increasing the blast radius if the script is flawed or later modified.

Vague Triggers

Severity: High
Confidence: 88%
Finding
The invocation guidance is overly broad, saying essentially any wording related to document generation should trigger this skill. Over-broad routing can cause the agent to invoke a more capable skill than necessary, exposing users to file generation or shell-related behaviors in contexts where simple text assistance would suffice.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The dialog manager records raw user input and timestamps for every step, which may include sensitive official-document content, recipient information, signer names, and potentially classified metadata. In this skill context, that is more dangerous because the workflow explicitly supports secret levels such as 秘密/机密/绝密, so storing all inputs without minimization, warning, or retention controls increases privacy and confidentiality risk.
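The finding above is about storing every step's raw input with a timestamp. The following added example is not the skill's dialog manager; it contrasts that pattern with a minimized log that keeps what a workflow audit trail needs (step id, timestamp, input length and a keyed fingerprint) without persisting the content, purges entries past a retention window, and stops persisting entirely once the user enters a classification of 机密 or above. The step names, the `secret_level` field, the thresholds and the sample inputs are assumptions.

```python
"""Raw vs minimized dialog logging (added example, not the skill's own code)."""
import hashlib
import hmac
import json
import time

# Levels the skill workflow supports; ranking and the persistence cut-off are assumptions.
SECRET_LEVELS = {"秘密": 1, "机密": 2, "绝密": 3}
NO_PERSIST_AT_OR_ABOVE = 2          # 机密 and 绝密 are never written to the log
RETENTION_SECONDS = 7 * 24 * 3600   # assumed retention window


class RawDialogLog:
    """The pattern the finding describes: every step's raw input plus timestamp."""

    def __init__(self):
        self.entries = []

    def record(self, step, user_input, now=None):
        ts = now if now is not None else time.time()
        self.entries.append({"step": step, "ts": ts, "input": user_input})


class MinimizedDialogLog:
    """Keeps an audit trail without the content: step, time, length, keyed fingerprint."""

    def __init__(self, key: bytes, retention=RETENTION_SECONDS):
        self._key = key              # keyed so short values (a signer name) cannot be guessed
        self.retention = retention
        self.entries = []
        self.level = 0
        self.dropped = 0

    def _fingerprint(self, text: str) -> str:
        return hmac.new(self._key, text.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

    def record(self, step, user_input, now=None):
        ts = now if now is not None else time.time()
        if step == "secret_level":   # assumed name of the classification step
            self.level = SECRET_LEVELS.get(user_input.strip(), 0)
        # retention: drop anything older than the window before adding more
        self.entries = [e for e in self.entries if ts - e["ts"] < self.retention]
        if self.level >= NO_PERSIST_AT_OR_ABOVE:
            # classified dialog: purge what was kept so far and persist nothing further
            self.dropped += len(self.entries) + 1
            self.entries = []
            return None
        entry = {"step": step, "ts": ts, "len": len(user_input),
                 "fp": self._fingerprint(user_input)}
        self.entries.append(entry)
        return entry

    def dump(self) -> str:
        return json.dumps(self.entries, ensure_ascii=False)

    def contains_raw(self, text: str) -> bool:
        """Check that no raw user content made it into the persisted form."""
        return text in self.dump()


if __name__ == "__main__":
    raw, mini = RawDialogLog(), MinimizedDialogLog(b"constructed-demo-key")
    for step, text in [("title", "关于开展安全检查的通知"), ("recipient", "各直属单位"),
                       ("secret_level", "秘密"), ("signer", "张三")]:
        raw.record(step, text)
        mini.record(step, text)
    print("raw log leaks signer:", any("张三" in e["input"] for e in raw.entries))
    print("minimized log leaks signer:", mini.contains_raw("张三"))
    mini.record("secret_level", "机密")
    print("entries after 机密:", mini.entries, "dropped:", mini.dropped)
```

The fingerprint lets a later step confirm that an input was not changed without the log ever holding the text; the key should live outside the log file, otherwise the fingerprint of a short field is trivially brute-forced.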

VirusTotal

66/66 vendors flagged this skill as clean.
