Document Workflow

Security checks across malware telemetry and agentic risk

Overview

The skill matches its academic-paper purpose, but it needs review because it embeds an API key and extracts downloaded archives without path-safety checks.

Review before installing. The skill appears aimed at legitimate academic-paper work, but use it only in a constrained workspace until the embedded API key is removed and archive/output path handling is fixed. Prefer trusted arXiv IDs, avoid untrusted JSON inputs for downloads, and verify where files will be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding:
The script contains a hardcoded fallback Semantic Scholar API key, which is a real secret exposure issue. Embedding credentials in source code risks accidental disclosure, unauthorized reuse, quota abuse, and makes secret rotation difficult.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger phrases are broad enough to match common user intents like "read paper," "download paper," or "paper summary," which can cause the skill to activate in situations beyond narrowly scoped arXiv/academic-paper workflows. Overbroad activation increases the chance of unintended tool use, unexpected downloads, or routing general document requests into this skill without sufficient user intent validation.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The code downloads an archive from a remote source and extracts it with tarfile.extractall() and ZipFile.extractall() without validating member paths. A malicious archive can use path traversal entries or symlinks to write outside the temporary directory, potentially overwriting local files during extraction. In this skill context, the content is fetched from an external service and treated as trusted source material, which makes unsafe extraction more dangerous because the archive contents are attacker-controlled if the source or transport is compromised.
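As an added example (not code from the skill or from SkillSpector), the following replaces tarfile.extractall() with a member-by-member extractor that performs the path checks the finding describes as missing, and builds a constructed in-memory archive to exercise it; the names safe_extract_tar, build_tar and check_archive are assumptions of this example.

```python
import io, os, tarfile, tempfile

class UnsafeArchiveMember(ValueError):
    """An archive entry would write or link outside the destination."""

def _inside(dest: str, path: str) -> bool:
    # Resolve '..' and any symlinks already on disk, then require dest as prefix.
    dest = os.path.realpath(dest)
    return os.path.commonpath([dest, os.path.realpath(path)]) == dest

def safe_extract_tar(tar: tarfile.TarFile, dest: str) -> list:
    # Replacement for tar.extractall(dest): refuses '..' traversal, absolute
    # names and links whose target leaves dest (Python 3.12+ can also use
    # extract(..., filter="data"); this version runs on older interpreters).
    extracted = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if not _inside(dest, target):
            raise UnsafeArchiveMember(f"traversal entry {m.name!r}")
        if m.issym() or m.islnk():
            # symlink targets are relative to the link's directory, hardlinks to the root
            base = os.path.dirname(target) if m.issym() else dest
            if not _inside(dest, os.path.join(base, m.linkname)):
                raise UnsafeArchiveMember(f"link {m.name!r} escapes dest")
        tar.extract(m, dest)
        extracted.append(m.name)
    return extracted

def build_tar(files: dict, symlinks: dict = None) -> tarfile.TarFile:
    """Constructed in-memory sample archive: {name: bytes}, {link: target}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tw.addfile(info, io.BytesIO(data))
        for name, target in (symlinks or {}).items():
            info = tarfile.TarInfo(name)
            info.type, info.linkname = tarfile.SYMTYPE, target
            tw.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

def check_archive(files: dict, symlinks: dict = None) -> str:
    # Extract into a scratch dir; return 'ok:<names>' or 'blocked:<reason>'.
    with tempfile.TemporaryDirectory() as dest:
        try:
            return "ok:" + ",".join(safe_extract_tar(build_tar(files, symlinks), dest))
        except UnsafeArchiveMember as exc:
            return "blocked:" + str(exc)
```

The same per-member check applies to ZipFile.infolist() entries, where only the traversal test is needed because zip entries carry no link type.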

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
Using a hardcoded fallback API key without clear disclosure is dangerous because it silently relies on a credential embedded in code. Anyone with access to the repository or built artifact may extract and abuse the key, potentially causing unauthorized API usage and service disruption.

Ssd 3

Severity: High
Confidence: 100%
Finding:
A hardcoded Semantic Scholar API key is a confirmed secret-management vulnerability. Exposed secrets can be harvested from source, logs, or packages and then reused by third parties for unauthorized access, quota exhaustion, or account abuse.

VirusTotal

50/50 vendors flagged this skill as clean.
