ClawHub

TextIn xParse Document Parse (Safer Fork)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent document-parsing skill, but users should understand it relies on xparse/TextIn services and may process documents outside the local machine.

Install only if you are comfortable using xparse/TextIn for document processing. Inspect the remote installer before approving it, avoid sending confidential documents unless external processing is acceptable, and treat APP_ID, SECRET_CODE, and document passwords as sensitive secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description is unusually broad and repeatedly encourages using this skill whenever a task starts from a local file or document URL, which can cause the agent to invoke a network-backed parser for many ordinary document requests by default. That broad routing increases the chance of unnecessary data exposure, overuse of an external service, and tool selection bypassing safer local inspection paths when handling sensitive documents.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs users to save API credentials in `~/.xparse-cli/config.yaml` or export them as environment variables, but it does not warn that these secrets may be stored in plaintext, exposed through shell history, inherited by child processes, or accidentally disclosed in logs and support output. In a document-parsing skill that is likely to be used in automation and production workflows, this omission increases the chance of credential leakage and subsequent unauthorized use of the paid API account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal