ClawHub

academic-literature-summary

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a text-only academic summarizer, but its optional DOCX/PDF mode tells the agent to create publisher-branded, journal-like documents and visuals that users could mistake for official or source-derived material.

Review before installing if you plan to use DOCX/PDF output. The Markdown summarizer appears proportionate, but generated documents should be clearly labeled as AI-generated summaries and should avoid publisher logos, journal mastheads, or unlabeled reconstructed figures/charts. Verify any statistics, figures, and images against the original paper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes broad phrases such as requests to summarize, review, or extract methods from literature, which can overlap with many ordinary academic assistance tasks and cause the skill to activate outside a narrowly intended scope. Over-broad activation is dangerous because it can hijack unrelated user workflows, force a rigid output format, or route sensitive uploaded documents into this skill when a more appropriate tool or general assistant response was expected.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill sets Chinese as the default output language without clearly honoring user language preference, which can override user intent and produce unintended disclosure or transformation of content. In a document-processing context, forced translation or language conversion can also introduce fidelity issues, especially for technical or sensitive academic material where exact wording matters.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal