ClawHub

everything to markdown

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed document-to-Markdown conversion helper, with some broad optional capabilities users should enable thoughtfully.

Install this if you want broad document and media conversion, but use it on files and URLs you are comfortable processing. Prefer minimal extras when possible, avoid untrusted plugins or custom converters, and be careful converting sensitive documents, audio, or metadata-rich files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The install step uses `pip3 install 'markitdown[all]'`, which enables a very broad set of optional features and transitive dependencies beyond basic document-to-Markdown conversion. In an agent environment this unnecessarily expands the attack surface, increases supply-chain risk, and may activate capabilities such as media/network-related processing that are not required for many deployments.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The advanced API example enables plugins and custom converters, which introduces extensibility capable of executing additional code paths outside the core conversion function. In a skill intended for document conversion, advertising plugin execution without trust boundaries or warnings can lead operators to load untrusted extensions and broaden the execution surface.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill highlights YouTube extraction, audio transcription, and metadata extraction, but does not pair these capabilities with clear privacy, consent, or sensitive-data handling warnings near the feature description. In agent workflows, this can normalize processing and persisting sensitive media or metadata without adequate safeguards, creating confidentiality and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal