PDF Translate

Security checks across malware telemetry and agentic risk

Overview

This skill is a local PDF-to-Chinese translation workflow with some confusing legacy scripts, but no evidence of hidden execution, credential access, exfiltration, or destructive behavior.

Install only if you want an agent to read PDFs and create local Chinese Markdown/PDF outputs. Prefer the documented md2pdf.py workflow, verify output paths for sensitive files, and avoid running scripts/generate_complete_pdf.py or scripts/translate_pdf.py as standalone translators unless you review and modify them first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
A description-behavior mismatch is dangerous because users and orchestrators may grant trust based on the declared purpose while bundled scripts do something materially different, including writing to fixed filesystem paths and generating content unrelated to the requested translation. In an agent setting, hidden side behavior undermines consent and can lead to unauthorized file writes, unexpected document generation, or execution of legacy code paths the user did not ask for.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script does not implement the advertised PDF translation workflow at all; instead it embeds a fixed translated document and generates a PDF from that hardcoded content. In an agent skill, this mismatch is dangerous because users may trust it to process their supplied documents, while it silently ignores input and produces unrelated output, which can mislead downstream automation and conceal unexpected behavior.

Description-Behavior Mismatch

Low
Confidence
91% confidence
Finding
The script writes output to a hardcoded user-specific absolute path instead of using a caller-supplied destination or a safe temporary workspace. In an agent context, this can cause unintended file writes, overwrite user data, fail unpredictably across environments, and disclose information about the developer's local filesystem layout.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script advertises PDF translation but does not perform any translation; it only extracts text and rebuilds a PDF. In an agent skill context, this is a security-relevant integrity issue because users and downstream automation may trust the output as translated content, causing silent misinformation, workflow corruption, or incorrect publication of untranslated material.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The function explicitly returns the original text unchanged while its documentation says it translates text. This mismatch creates deceptive behavior that can mislead users, orchestrators, or other components into treating untranslated output as authoritative translated content, which is especially risky in document-processing pipelines.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The main flow acknowledges that translation is not performed and still generates an output PDF from the original text. Because the skill is presented as a PDF translator, this discrepancy increases the chance of silent failure and user deception, which is more dangerous in an agent skill where actions may run unattended and outputs may be relied on without manual review.

Missing User Warnings

Low
Confidence
76% confidence
Finding
Instructing the agent to write output files into the source document directory without an explicit user warning or confirmation runs counter to user expectations about where data is stored and may leak translated content into sensitive locations such as synced folders or shared project trees. While not inherently malicious, silent filesystem writes are risky in automation contexts.

VirusTotal

64/64 vendors flagged this skill as clean.