Intelligent Document Processing Skill (智能文档处理Skill)

Security checks across malware telemetry and agentic risk

Overview

This skill is not destructive, but it presents itself as real AI document processing while the implementation returns mock and random results.

Install only for experimentation or as placeholder code. Do not use it for contracts, financial records, legal review, compliance, or any workflow where document accuracy matters until it is clearly labeled as a demo or replaced with real file parsing, metadata extraction, and conversion logic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The skill claims to process documents based on a provided file path, but it never reads the file and instead returns hardcoded sample text plus fabricated metadata such as size, author, and timestamps. This is dangerous because downstream agents or users may trust the output as file-derived truth, leading to integrity failures, bad decisions, or security controls being bypassed when fake analysis is accepted as real.
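The divergence above can be detected without reading the skill's source: feed the processor two different files and a nonexistent path, and compare what it reports against what is actually on disk. The harness below is an added example written for this page, not code from the skill or from SkillSpector. Both `fake_process_document` (which mimics the canned-output behaviour the finding describes) and `real_process_document` are constructed stand-ins, and the sample contract text is made up for the probe.

```python
import hashlib
import os
import tempfile
from typing import Any, Callable, Dict


def fake_process_document(path: str) -> Dict[str, Any]:
    """Constructed stand-in (hypothetical) for a skill that never opens its input.

    It returns the same canned text and fabricated metadata for any path,
    which is the behaviour the Intent-Code Divergence finding describes.
    """
    return {
        "text": "This is a sample contract between Party A and Party B.",
        "metadata": {"size": 24576, "author": "John Doe", "pages": 3},
    }


def real_process_document(path: str) -> Dict[str, Any]:
    """Constructed stand-in (hypothetical) for an honest implementation.

    Everything it reports is derived from the bytes actually read from disk.
    """
    with open(path, "rb") as f:
        data = f.read()
    return {
        "text": data.decode("utf-8", errors="replace"),
        "metadata": {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()},
    }


def check_reads_input(process: Callable[[str], Dict[str, Any]]) -> Dict[str, bool]:
    """Probe a document processor for intent/code divergence.

    Three black-box checks, each True when the processor behaves honestly:
      size_matches_disk        reported size equals the real file size
      output_depends_on_input  two different inputs give different output
      fails_on_missing_file    a nonexistent path is an error, not a result
    """
    results: Dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as d:
        a = os.path.join(d, "a.txt")
        b = os.path.join(d, "b.txt")
        # Constructed sample inputs; deliberately different in content and length.
        with open(a, "w", encoding="utf-8") as f:
            f.write("Contract A: 100 units at 5 EUR.\n")
        with open(b, "w", encoding="utf-8") as f:
            f.write("Contract B: 7 units at 900 EUR, exclusivity clause.\n")

        out_a = process(a)
        out_b = process(b)
        results["size_matches_disk"] = out_a["metadata"].get("size") == os.path.getsize(a)
        results["output_depends_on_input"] = out_a != out_b

        missing = os.path.join(d, "does-not-exist.pdf")
        try:
            process(missing)
            results["fails_on_missing_file"] = False
        except OSError:  # FileNotFoundError is a subclass of OSError
            results["fails_on_missing_file"] = True
    return results


def is_divergent(process: Callable[[str], Dict[str, Any]]) -> bool:
    """True if any probe fails, i.e. the processor is not doing what it claims."""
    return not all(check_reads_input(process).values())


if __name__ == "__main__":
    for name, fn in [("fake", fake_process_document), ("real", real_process_document)]:
        print(name, check_reads_input(fn), "divergent" if is_divergent(fn) else "ok")
```

Run the same probes against any skill that claims to parse files before trusting its output downstream; a processor that passes all three can still be wrong, but one that fails them is certainly not reading the file.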

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The OpenClaw invocation examples use broad natural-language triggers such as '解析这个PDF文档' ("parse this PDF document") and '提取合同中的关键信息' ("extract the key information from the contract") without any stated scope checks, confirmation steps, or limitations on which files may be accessed. In an agent environment, overly generic triggers can cause unintended activation on sensitive documents and increase the chance of privacy-impacting processing beyond user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill advertises extraction, analysis, summarization, entity recognition, and multi-format document handling, but it does not warn users that these operations may process contracts, personal data, financial data, or other confidential content. This omission is risky because users may unknowingly expose sensitive material to automated analysis or downstream storage/output flows without understanding the privacy implications.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation describes file conversion and batch output features, including an example with 'overwrite: true', but does not warn that these operations can modify or replace existing files and outputs. In practice, this can lead to accidental data loss, corruption of source/output artifacts, or unsafe bulk operations if users run conversions in the wrong directory or with incorrect assumptions.
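The safe default for a conversion or batch-output feature is the opposite of what the documented example suggests: refuse to overwrite unless the caller asks explicitly, and confine every output path to the chosen output directory. The writer below is an added example for this page, not code from the skill; `write_converted`, `OutputRefused` and the `overwrite` parameter are names chosen here for illustration.

```python
import os
from pathlib import Path


class OutputRefused(Exception):
    """Raised when a write would clobber an existing file or escape output_dir."""


def write_converted(output_dir: str, name: str, data: bytes, overwrite: bool = False) -> str:
    """Write one converted artifact as output_dir/name and return its path.

    Guards:
      - name is resolved against output_dir and must stay inside it, so a
        batch job given '../report.pdf' or an absolute path cannot write
        elsewhere;
      - overwrite defaults to False and the file is opened with O_EXCL, so an
        existing file is never silently replaced (the check and the create
        happen in one syscall, which avoids a check-then-write race).
    """
    root = Path(output_dir).resolve()
    target = (root / name).resolve()
    if root not in target.parents:
        raise OutputRefused(f"{name!r} would escape {root}")
    target.parent.mkdir(parents=True, exist_ok=True)

    flags = os.O_WRONLY | os.O_CREAT | (os.O_TRUNC if overwrite else os.O_EXCL)
    try:
        fd = os.open(target, flags, 0o600)
    except FileExistsError:
        raise OutputRefused(f"{target} exists; pass overwrite=True to replace it") from None
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return str(target)


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as d:
        print(write_converted(d, "out/contract.md", b"# converted\n"))
        for bad in [("out/contract.md", {}), ("../escape.md", {})]:
            try:
                write_converted(d, bad[0], b"x", **bad[1])
            except OutputRefused as e:
                print("refused:", e)
        print(write_converted(d, "out/contract.md", b"# replaced\n", overwrite=True))
```

Whatever the skill's real conversion logic turns out to be, routing its output through a writer with these two guards is what turns 'overwrite: true' from a silent default into a deliberate choice.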

VirusTotal

66/66 vendors flagged this skill as clean.
