ClawHub

自动从中间空白处切割A3试卷a3-pdf-splitter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local A3-to-A4 PDF splitter, with only a minor caution that its trigger wording is broader than ideal.

Install it only if you want a local tool that converts A3 PDFs into A4 output PDFs. Use a virtual environment for the pip dependencies, review the output path before running because existing files may be overwritten, and ask the agent to confirm before using this skill for generic PDF or printing requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger examples are broad enough to match common user requests like PDF splitting or printing preparation, which can cause the skill to activate unexpectedly outside a narrow A3-exam-paper context. In an agent environment, over-broad invocation can route unrelated files into this skill, increasing the chance of unintended file processing or confusing tool selection.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README states that when users mention several broad PDF-related needs, this skill 'must' be used, which creates an overly broad activation surface. That can cause unintended invocation on loosely related requests, leading the agent to process local files or transform documents when the user did not explicitly intend to use this specific tool.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill manifest says the skill "must" be used whenever several Chinese trigger phrases appear, with no opt-in, confirmation, or language-selection logic. This can cause inappropriate automatic routing of user requests to this skill, especially for ambiguous requests like generic PDF splitting or printing, reducing user control and increasing the chance of unintended file handling.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The triggering conditions are broad and ambiguous, covering generic terms such as PDF splitting, A3-to-A4 conversion, and exam printing. In context, this increases the risk that unrelated document workflows are captured by this skill, causing misrouting, unintended processing of local files, and bypass of safer or more appropriate alternatives.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal