When to Use

Name: word
Author: ivangdavila

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

Vulnerable to prompt injection, the

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

When to Use: User needs Microsoft Word controlled as a live application, not treated as a `.docx` file format. Agent handles app attach, active document state, selection-aware edits, comments, track changes, export, and clean shutdown through the official `osascript` CLI. If the main artifact is offline DOCX creation or structural file editing, use `word-docx` instead.

Actually does

This skill uses `osascript` to directly control a live Microsoft Word application on macOS. It accesses local Word documents and manages skill-specific memory files in `~/word/`. The skill does not contact external URLs or cloud services directly.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

Nameivangdavila/word

Registryclawhub

Version1.0.0

PURLpkg:clawhub/ivangdavila/word@1.0.0

Stars1

Downloads1,283

Installs20

Source

Repository ↗

SHA-25695f90fcb31f5...

SHA-1a1ee1acc2346...

MD5dc8abe744733...

TLSH90c1a677f695...

ssdeep96:cBRWZAjj9...

Size5,995 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/ivangdavila/word

1,283 downloads20 installs

ClawHubDocs

openclaw skills install ivangdavila/word

Assessments (3)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.91)

91% confidence

Arbitrary command execution via osascriptcriticalcommand execution

The skill requires `osascript`, which can execute arbitrary shell commands via `do shell script`. An attacker could craft prompts to induce the agent to execute malicious system commands.

100% confidenceline 8

`requires":{"bins":["osascript"]}`

Data exfiltration and persistence via osascripthighdata exfiltration

The `osascript` capability, while intended for Word automation, can also be used to read, write, and modify files on the local filesystem, potentially leading to data exfiltration or establishing persistence mechanisms.

90% confidenceline 8

`requires":{"bins":["osascript"]}`

Reliance on local files for configuration and executionmediumsupply chain

The skill uses local Markdown files (e.g., `setup.md`, `memory.md`) for configuration and setup. If these files are compromised, the agent could be instructed to execute malicious content from them.

80% confidenceline 19

If `~/word/` does not exist, run `setup.md`.

Risk of human approval fatigue for destructive actionslowapproval fatigue

The skill requires explicit human confirmation for destructive actions. Frequent requests for approval could lead to human overseers approving actions without sufficient scrutiny.

70% confidenceline 45

Explicit confirmation before destructive document actions.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/word.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/word)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/word"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/word.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/word.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow