official-document-drafting

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chinese official-document drafting and Word-export helper, with disclosed local file and font-management behavior but no evidence of hidden exfiltration or destructive actions.

Install this if you want Chinese official-document drafting and local Word export support. Review generated documents before official use, especially legal, policy, private, or public-facing materials. Run the optional font download script only if you accept unverified third-party font downloads, and specify an output path when saving sensitive documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding:
The script fetches executable-input-equivalent assets from third-party hosts at runtime without integrity verification, pinning, or host hardening. Even though fonts are expected for a document-drafting skill, unverified remote downloads create a supply-chain risk: a compromised upstream source, MITM in a misconfigured environment, or unexpected content change could introduce malicious or malformed font files into downstream processing.

Vague Triggers

Medium
Confidence: 94%
Finding:
The skill enables implicit invocation for a broad document-drafting capability without any trigger constraints, exclusions, or user-confirmation boundaries. This can cause the agent to auto-route unrelated or sensitive requests into the skill, leading to unintended handling of user data, mistaken authority framing, or generation of official-looking documents without explicit consent.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The workflow directs the agent to save files to a default local directory when the user has asked to save but not specified a path, without requiring explicit confirmation of the destination. This can cause unintended writes to the local filesystem, expose sensitive document contents in a predictable location, and violate least-surprise expectations in environments where file creation is security-sensitive.

Vague Triggers

Medium
Confidence: 91%
Finding:
The alias "专报" is overly generic and can match many unrelated requests for formal report drafting, causing the agent to invoke this specialized skill when the user did not intend a risk/incident/sentiment briefing format. In this skill family, incorrect routing matters because document type controls tone, structure, and framing for official materials, which can lead to misleading or improperly classified outputs in sensitive administrative contexts.

Vague Triggers

Medium
Confidence: 87%
Finding:
The profile description is very broad and includes generic actions like drafting, rewriting, summarizing, and standardizing, which can cause the skill to be invoked for ordinary writing tasks outside the intended official-document domain. In systems with implicit invocation enabled, this can misroute user requests, apply the wrong policy/template set, and produce misleadingly formal or domain-inappropriate outputs.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding:
The skill metadata and prompts consistently prescribe Chinese official-document output without indicating user-choice, locale detection, or justification for overriding the user's preferred language. This can lead to unwanted language switching, reduced usability, and incorrect handling of multilingual or non-Chinese requests, especially when the skill is auto-invoked.

VirusTotal

65/65 vendors flagged this skill as clean.
