Vector Text Fixer

Security checks across malware telemetry and agentic risk

Overview

The skill appears local and non-exfiltrating, but it claims to create repaired PDF/SVG files while the code only analyzes files and can report output paths that were never written.

Review this carefully before installing. It does not show exfiltration or destructive behavior, but do not rely on it to produce repaired PDF/SVG outputs unless you verify files are actually created. Use it only on copies of documents, treat JSON exports as sensitive because they include extracted text, and pin or verify dependencies before running it in an agent environment.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding: The PDF fixer reports success and returns an output path, but it never writes a repaired PDF or modifies the source document. This is dangerous because users and downstream automation may trust that a sanitized or editable file was produced when only analysis metadata exists, leading to workflow integrity issues and accidental reliance on nonexistent remediation.

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding: Batch mode constructs filenames prefixed with 'fixed_' and prints them as successful outputs, but the underlying fix routines do not create repaired PDF/SVG files. This can mislead operators into believing a whole batch was remediated, causing silent process failure and possible publication or reuse of uncorrected documents.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding: The CLI presents 'Analysis complete' and shows an output path as if a repaired artifact was generated, despite no write operation occurring for normal fix mode. In security-sensitive or automated environments, deceptive success messaging can cause users to distribute untreated files or skip manual verification.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The JSON export serializes extracted document text, positions, and font metadata to disk without any warning, minimization, or consent step. Because PDFs and SVGs often contain sensitive content, this increases the risk of unintentional data disclosure through leftover export files, logs, or sharing with AI tools as the feature encourages.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: bs4, dataclasses, fitz
Confidence: 94%
Finding: bs4

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: bs4, dataclasses, fitz
Confidence: 91%
Finding: dataclasses

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: bs4, dataclasses, fitz
Confidence: 95%
Finding: fitz

VirusTotal

66/66 vendors flagged this skill as clean.