docx-md

Security checks across malware telemetry and agentic risk

Overview

This DOCX tool performs the documented local read, edit, and finalize workflow. The main risks are in-place file overwrites, loss of tracked changes and comments in finalized outputs, and unpinned Python dependencies.

Install only if you are comfortable letting the skill read DOCX contents and write derived files. Work on copies of important documents, review edited outputs before replacing originals, treat Finalize as an operation that removes all tracked changes and comments from its output, and pin and review the Python dependency versions in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly performs filesystem reads and writes on user-supplied DOCX and output paths, but the metadata declares no permissions. This creates a trust and policy gap: orchestrators or reviewers may treat the skill as lower risk than it is, even though it can access and modify local files.

Missing User Warnings

High
Confidence
81% confidence
Finding
The finalize step is described as accepting all revisions and removing comments, which is a destructive operation that can permanently discard review history and annotations. In a document-review workflow, especially for contracts or legal review, omission of an explicit warning or confirmation requirement increases the chance of accidental irreversible data loss.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
This reference explicitly describes a flow that writes AI-generated edits back into DOCX files, but it does not warn that the operation modifies the original document and may alter revision/comment state. In a low-level document editing skill, that omission is security-relevant because an agent or integrator may invoke it on sensitive legal or review documents without adequate user confirmation or backup safeguards.

Missing User Warnings

High
Confidence
97% confidence
Finding
The finalize section describes accepting all revisions and removing all comments, which irreversibly destroys review history and annotations if applied to the source document. In this skill's context—AI-assisted document review for DOCX—this is especially dangerous because tracked changes and comments often contain critical legal, compliance, or audit information, and an automated agent could remove them without the user fully understanding the consequence.
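The three Missing User Warnings findings above, and the Overview's advice to work on copies and to treat Finalize as destructive, describe a guard rather than show one. The following is an added example, not code from the docx-md skill or from docx-revisions: it opens the DOCX package with the standard library, counts the w:ins, w:del and w:comment elements that an accept-all/strip-comments finalize would discard, writes a .bak copy, and refuses an in-place finalize unless the caller confirms. The function names (review_state, guard_finalize, demo), the sample document and the .bak naming are all assumptions of this example; the sample package is constructed inline and is only complete enough for this check, not a full Word file.

```python
"""Pre-finalize guard for DOCX files: report the tracked changes and comments
that an accept-all/strip-comments finalize would discard, and take a backup
before any in-place write. Added example, standard library only; it is not
code from the docx-md skill or from docx-revisions."""
import io
import shutil
import tempfile
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"w": W}


def review_state(docx_bytes: bytes) -> dict:
    """Count tracked insertions (w:ins), deletions (w:del) and comments.
    Every w:ins/w:del element is counted, including property-change markers,
    which is the conservative choice for a 'what will be lost' report."""
    counts = {"insertions": 0, "deletions": 0, "comments": 0}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        body = ET.fromstring(z.read("word/document.xml"))
        counts["insertions"] = len(body.findall(".//w:ins", NS))
        counts["deletions"] = len(body.findall(".//w:del", NS))
        # comments.xml is optional; a document with no comments simply lacks it
        if "word/comments.xml" in z.namelist():
            com = ET.fromstring(z.read("word/comments.xml"))
            counts["comments"] = len(com.findall("w:comment", NS))
    return counts


def guard_finalize(src: Path, dst: Path, confirm: bool = False) -> dict:
    """Always write a .bak copy of the source, then refuse an in-place
    finalize that would destroy review history unless explicitly confirmed.
    Returns the counts so the caller can show the user what is at stake.
    (Hypothetical helper; the finalize itself is left to the skill.)"""
    counts = review_state(src.read_bytes())
    shutil.copy2(src, src.with_name(src.name + ".bak"))
    lossy = any(counts.values())
    if lossy and src.resolve() == dst.resolve() and not confirm:
        raise RuntimeError(
            f"finalize would discard {counts} from {src.name}; "
            "write to a different path or pass confirm=True")
    return counts


def build_sample_docx() -> bytes:
    """Constructed minimal package with one insertion, one deletion and two
    comments. Enough for this check; not a complete Word file."""
    document = f"""<?xml version="1.0" encoding="UTF-8"?>
<w:document xmlns:w="{W}"><w:body><w:p>
  <w:r><w:t>Fee: </w:t></w:r>
  <w:del w:id="1" w:author="Reviewer"><w:r><w:delText>10%</w:delText></w:r></w:del>
  <w:ins w:id="2" w:author="Reviewer"><w:r><w:t>12%</w:t></w:r></w:ins>
  <w:commentRangeStart w:id="0"/><w:r><w:t> of gross.</w:t></w:r><w:commentRangeEnd w:id="0"/>
</w:p></w:body></w:document>"""
    comments = f"""<?xml version="1.0" encoding="UTF-8"?>
<w:comments xmlns:w="{W}">
  <w:comment w:id="0" w:author="Legal"><w:p><w:r><w:t>Confirm with client.</w:t></w:r></w:p></w:comment>
  <w:comment w:id="1" w:author="Legal"><w:p><w:r><w:t>Audit note.</w:t></w:r></w:p></w:comment>
</w:comments>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", document)
        z.writestr("word/comments.xml", comments)
    return buf.getvalue()


def demo() -> dict:
    """Run the guard on the sample in a temp dir: in-place finalize is
    refused, finalize to a new path is allowed and a backup is left behind."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "contract.docx"
        src.write_bytes(build_sample_docx())
        try:
            guard_finalize(src, src)
            refused = False
        except RuntimeError:
            refused = True
        counts = guard_finalize(src, Path(tmp) / "contract.final.docx")
        return {"refused_in_place": refused, "counts": counts,
                "backup_written": (Path(tmp) / "contract.docx.bak").exists()}


if __name__ == "__main__":
    print(demo())
```

Calling guard_finalize before the skill's own Finalize step gives an agent or integrator the counts to surface to the user and a backup to fall back on; the refusal on an in-place write is what turns the scanner's "no explicit warning or confirmation" gap into an enforced check rather than a documentation note.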

Unpinned Dependencies

Low
Category
Supply Chain
Content
lxml>=4.9.0
docx-revisions>=0.1.3
Confidence
92% confidence
Finding
lxml>=4.9.0 sets only a lower bound, so each install resolves to whatever lxml release is newest at that moment, including a future compromised or breaking one.

Unpinned Dependencies

Low
Category
Supply Chain
Content
lxml>=4.9.0
docx-revisions>=0.1.3
Confidence
83% confidence
Finding
docx-revisions>=0.1.3 sets only a lower bound, so each install resolves to whatever docx-revisions release is newest at that moment, including a future compromised or breaking one.

Known Vulnerable Dependency: lxml — 10 advisories: CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
lxml
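The two Unpinned Dependencies findings and the Known Vulnerable Dependency finding above come from the same two requirement lines, so one check serves all three. The following is an added example, not part of the docx-md skill or of SkillSpector: it parses the requirement lines the scanner reports, flags every specifier that is not an exact == pin, and tests whether a >= floor already rules out a given advisory's vulnerable range. The PINNED text is an illustrative hardened form (the lxml version in it is an assumption, not a recommendation); the fixed-in versions are those recorded in the three advisories the finding names (4.6.5, 4.6.3 and 3.3.5 respectively), which are all below the skill's 4.9.0 floor, so the floor already excludes them and the remaining supply-chain risk is the missing ceiling. Function names are assumptions of this example.

```python
"""Flag floor-only requirement specifiers and check whether a floor already
excludes a known-vulnerable range. Added example; not part of the docx-md
skill or of SkillSpector. Standard library only."""
import re

# The two lines exactly as the scanner reports them from the skill.
AS_SHIPPED = """\
lxml>=4.9.0
docx-revisions>=0.1.3
"""

# Hardened form: exact pins. The lxml version is an illustrative assumption,
# not a recommendation; generate real pins from a resolved lock file and
# install with `pip install --require-hashes` for hash checking as well.
PINNED = """\
lxml==5.2.2
docx-revisions==0.1.3
"""

# Fixed-in versions as recorded in the advisories the finding names
# (verify against your own advisory feed before relying on them).
FIXED_IN = {
    "CVE-2021-43818": "4.6.5",
    "CVE-2021-28957": "4.6.3",
    "CVE-2014-3146": "3.3.5",
}

SPEC = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=|>=|<=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)\s*$")


def parse(text: str) -> list:
    """Return (name, operator, version) for each non-comment line.
    Lines with markers, extras or URLs are rejected rather than guessed."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = SPEC.match(line)
        if not m:
            raise ValueError(f"unsupported requirement line: {line!r}")
        out.append(m.groups())
    return out


def unpinned(text: str) -> list:
    """Names that may resolve to a different version on each install."""
    return [name for name, op, _ in parse(text) if op != "=="]


def version_key(v: str) -> tuple:
    """Numeric comparison key; a trailing non-numeric part (rc1 etc.) is dropped."""
    parts = []
    for p in v.split("."):
        digits = re.match(r"\d+", p)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def floor_excludes(spec_text: str, name: str, fixed_in: str) -> bool:
    """True when the specifier for `name` admits only versions at or above
    the fixed-in version, i.e. the floor alone rules out that advisory.
    Unbounded or ceiling-only specifiers are conservatively reported False."""
    for n, op, ver in parse(spec_text):
        if n.lower() == name.lower() and op in ("==", ">=", ">", "~="):
            return version_key(ver) >= version_key(fixed_in)
    return False


def report(spec_text: str) -> dict:
    """Combined view: what floats, and which named advisories the lxml floor excludes."""
    return {
        "unpinned": unpinned(spec_text),
        "lxml_floor_excludes": {
            cve: floor_excludes(spec_text, "lxml", fix) for cve, fix in FIXED_IN.items()
        },
    }


if __name__ == "__main__":
    print(report(AS_SHIPPED))
    print(report(PINNED))
```

Pinning with == closes the floating-version problem but not the advisory problem: a pinned version is only safe until the next advisory, so the pin has to be re-evaluated against an advisory feed on a schedule, which is what the floor_excludes check is for.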

VirusTotal

64/64 vendors report this skill as clean.
