document-management

Security checks across malware telemetry and agentic risk

Overview

This PDF management skill does what it says, but it can automatically reorganize local files and save full extracted document text without a required preview or confirmation.

Install only if you are comfortable with the agent reading every PDF in the chosen folder, writing extracted text into that folder, and moving PDFs into new category folders. Use a copy of important folders first, and ask for a dry-run plan plus explicit confirmation before allowing any file moves.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium (90% confidence)
The trigger phrases are broad enough to match many ordinary document-related requests, which can cause the skill to activate outside its intended scope. In this skill, that is more dangerous because the workflow includes local file operations, so accidental invocation could lead to unintended document processing or reorganization.

Missing User Warnings

High (98% confidence)
The skill explicitly states it will automatically move documents into classified folders, but it does not require an explicit user confirmation or warn that local files will be modified. Because this operates on user-provided local directories, a mistaken or overly broad invocation can change file layout, break user workflows, and risk data loss if moves collide with existing organization expectations.

Missing User Warnings

High (99% confidence)
These instructions operationalize the destructive behavior by directing the agent to create folders and move each PDF without a user-facing warning, review step, or recovery mechanism. In context, the danger is elevated because classification is model-driven and can be wrong, meaning the agent may reorganize a local corpus incorrectly at scale.

Natural-Language Policy Violations

Medium (83% confidence)
Mandating Chinese folder names without user choice can create compatibility, usability, and interoperability problems, especially on systems, tools, or workflows that expect another language or limited character handling. In a file-moving skill, this increases the chance of confusion, broken automation, and difficulty locating or restoring documents after reorganization.

Missing User Warnings

Medium (75% confidence)
The script automatically writes full extracted PDF text into a predictable JSON file inside the user-supplied folder without confirmation or an explicit warning. If the PDFs contain sensitive information, this creates an unintended local data exposure risk because plaintext copies may persist, be synced, indexed, or read by other local users/processes.

VirusTotal

64/64 vendors flagged this skill as clean.
