ClawHub

xdoc-translationx

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Xdoc translation skill, with expected API-key use and external document upload behavior disclosed in the artifacts.

Install only if you trust Xdoc with the documents or text you translate. Keep XDOC_API_KEY in a secure environment variable or secret store, avoid submitting confidential or regulated content without authorization, and review delete/edit operations for glossaries and translation memories before applying them to important account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Privacy & Data Handling

- **Data Encryption**: All data transmitted via HTTPS/TLS
- **Data Retention**: Uploaded files are automatically deleted after 7 days
- **No Third-Party Sharing**: Your documents are not shared with third parties
- **Compliance**: Service complies with GDPR and data protection regulations
- **Data Location**: Files are processed and stored in secure cloud infrastructure
Confidence
80% confidence
Finding
automatically delete

Memory Manipulation

High
Category
Memory Poisoning
Content
| Create Memory | `/memory-libs/create` | POST |
| List Memories | `/memory-libs/list` | POST |
| Edit Memory | `/memory-libs/edit` | POST |
| Delete Memory | `/memory-libs/delete` | POST |
| Add Entries | `/memory-entries/add` | POST |
| List Entries | `/memory-entries/list` | POST |
| Edit Entry | `/memory-entries/edit` | POST |
Confidence
80% confidence
Finding
Delete Memory

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal