ClawHub

md-pdf-report

Security checks across malware telemetry and agentic risk

Overview

This skill coherently converts Markdown reports to PDFs and sends the resulting files back through chat, with disclosure but some activation and privacy caveats.

Install this if you want an agent to create Markdown reports, convert them to PDF, and return both files as chat attachments. Avoid using it for confidential or regulated documents unless sending the Markdown and PDF through your chat platform is acceptable, and use explicit PDF requests when you do not want broad report prompts to trigger file generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is extremely broad and includes many common phrases like 'PDF version', 'give me a PDF', and generic report-related terms, which can cause the skill to activate on routine user requests that may not have intended file generation or delivery side effects. In an agent environment, over-broad auto-invocation increases the chance of unintended processing and downstream file exfiltration to chat, especially when paired with automatic delivery behavior described elsewhere in the README.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises automatic sending of both the generated PDF and the source Markdown to chat, but it does not prominently warn that potentially sensitive report contents will be transmitted back through the chat channel. This creates a data exposure risk because users may assume local conversion only, while the skill is designed to redistribute the original and derived documents automatically.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough that normal user requests about creating or exporting a PDF could invoke this skill unexpectedly, even when the user did not intend to use this specific workflow. In an agent ecosystem, over-broad activation can cause unintended file generation, tool execution, or routing to the wrong skill, which is a real safety and reliability issue even though it is not overtly malicious.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad, common phrases such as requests for a PDF version or long-form analytical content, which can cause the skill to activate in situations where the user did not intend file generation or shell-backed conversion. Because this skill performs file and command-line operations, overbroad activation increases the risk of unintended execution and handling of sensitive content.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage guidance defines activation conditions like 'research report,' 'fact-check report,' and any long analytical content needing editable source, which are ambiguous and likely to match ordinary conversations. In the context of a skill that can write files and run local conversion commands, this ambiguity can lead to accidental invocation, unnecessary artifact generation, or processing of content in contexts where the user only wanted textual assistance.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The design explicitly makes automatic file delivery to chat mandatory, but the document does not mention consent, destination verification, or the risk that sensitive report contents may be transmitted to third-party chat platforms. In a report-generation skill, this can lead to unintended disclosure of confidential research, fact-check drafts, or internal proposals when users expect only local generation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal