CamScanner Remove PDF Watermark

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a user-selected PDF to CamScanner to remove visible watermarks and saves the result locally, with the main risks being authorization and document privacy.

Install only if you are comfortable uploading PDFs to CamScanner's cloud service and you have the right to remove the watermark, stamp, or logo. Avoid using it on confidential, regulated, licensed, or third-party documents unless you have permission and accept the privacy implications.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill is explicitly designed to remove watermarks from PDFs, and its trigger phrases are broad enough to activate on generic user requests to 'unwatermark' documents. That creates a policy and abuse risk because watermarks often signal ownership, attribution, confidentiality, or licensing status, so broad invocation can facilitate unauthorized content alteration.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill sends user PDFs to a third-party service for processing, which exposes potentially sensitive document contents outside the local environment. Even with a disclosure note, this creates confidentiality and compliance risk if users submit personal, legal, financial, medical, or regulated documents without strong consent and data-handling controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal