File To Json Parsing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, remote AgentPMT file-parsing skill. It raises privacy considerations, but the artifacts show no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable sending selected file contents or cloud file IDs to AgentPMT for processing. Do not use it on secrets, credentials, highly sensitive personal data, legal or medical records, or confidential business files unless the user has explicitly approved that transfer and the AgentPMT account and retention terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch (Medium, 89% confidence)

Finding: The schema materially exceeds the stated purpose of 'file-to-JSON parsing' by adding broader document extraction capabilities for PDF, RTF, text, XLS/XLSX/ODS, and base64 conversion. This scope expansion increases the attack surface and makes it easier for an agent to access and transform arbitrary user files in ways the manifest does not clearly disclose, undermining least-privilege expectations.

Context-Inappropriate Capability (Medium, 95% confidence)

Finding: A standalone file-to-base64 action allows opaque extraction and repackaging of arbitrary file contents without performing the advertised parsing function. That makes the skill useful as a generic data exfiltration or relay primitive, especially because base64 output can bypass casual content scrutiny and be forwarded into other tools or prompts.

Vague Triggers (Medium, 91% confidence)

Finding: The skill's activation keywords and use cases are broad enough that an agent could invoke this remote file-processing tool for many generic 'parse file' tasks without surfacing that file contents will be sent to a third-party service. In a file-handling skill, overbroad routing materially increases the chance of unintended exfiltration of sensitive uploads such as invoices, contracts, spreadsheets, or calendars.

Missing User Warnings (Medium, 97% confidence)

Finding: The skill encourages users to provide raw file content via base64 or file IDs to a remote service, but the description does not clearly warn that uploaded file contents are transmitted off-platform to AgentPMT. Because this tool is designed for broad document ingestion, the omission can cause accidental disclosure of sensitive business documents, personal data, or regulated content.

Missing User Warnings (Medium, 82% confidence)

Finding: The schema encourages ingestion of cloud-stored files and inline base64 content across many formats but provides no warning that these inputs may contain sensitive or regulated data. In an agent setting, this omission can cause users or downstream agents to route confidential documents through the skill without understanding privacy, retention, or exposure implications.

VirusTotal

64/64 vendors flagged this skill as clean.