ClawHub
Back to skill

Security audit

Luke Pdf Read Summarize

Security checks across malware telemetry and agentic risk

Overview

This PDF summarizer is mostly aligned with its purpose, but it packages an upload script with an exposed bearer token and uses broad activation wording that could cause unexpected document handling.

Review this skill before installing. Use it only with PDFs you intentionally provide, and remove or ignore upload.sh; the publisher should revoke the exposed token and replace it with environment-based credentials. A safer version should narrow activation to explicit PDF summarization requests and confine file reads to approved attachments or a trusted workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to match very common words like "PDF", "文档", "摘要", and "总结", which can cause the skill to activate in contexts where the user did not specifically request this tool. Unintended activation can lead to inappropriate file access or surprising behavior, especially in environments with multiple skills or mixed user intents.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script contains a hardcoded bearer API token directly in source code and uses it to upload content to a remote service. Hardcoded secrets are easily leaked through source control, logs, backups, or local file disclosure, allowing unauthorized parties to impersonate the owner and perform uploads or other API actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
pdf-read-summarize.tool.js:90

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
upload.sh:4