ClawHub

EPUB ↔ PDF Converter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward EPUB/PDF conversion guide with ordinary file outputs and a disclosed Calibre install step, including sudo examples users should review manually.

Install only if you are comfortable with a local document-conversion workflow. Review any package-manager command yourself before running it, especially sudo commands, confirm output filenames to avoid overwrites, and only convert or redistribute documents you have the right to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill includes package installation commands that modify the host system, including `sudo apt-get install -y calibre` and `sudo dnf install calibre`, without any warning that they require elevated privileges and will change system state. In an agent context, this is dangerous because users may authorize or copy-paste privileged commands without understanding the trust and persistence implications of installing large third-party software.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The skill directs users to write outputs into `research/sources/` and later remove temporary files, but it does not clearly disclose that it will create, overwrite, and delete files on disk. This is a real but low-severity safety issue because file-writing behavior is expected for a conversion skill, yet lack of warning can still lead to accidental data loss or unintended persistence in automated workflows.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
brew install calibre

# Ubuntu/Debian
sudo apt-get install -y calibre

# Fedora/RHEL
sudo dnf install calibre
Confidence
96% confidence
Finding
sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal