Back to skill
Skillv3.0.1
VirusTotal security
Pdf To Markdown · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:54 AM
- Hash
- 70a3301d88284dc78155ca6cdfef301d54035cd82155bd9420505a92c297281e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pdf-to-markdown Version: 3.0.1 The skill bundle provides a comprehensive set of tools for converting PDF files to Markdown, including table and metadata extraction. However, it is classified as suspicious due to multiple command injection vulnerabilities in `scripts/script.sh`. Specifically, functions like `_extract_with_python`, `_get_page_count`, and `cmd_info` expand the `$file` shell variable directly into Python heredocs without sanitization (using unquoted `<<PYEOF`), which could allow arbitrary code execution via maliciously crafted filenames. While these appear to be unintentional security flaws rather than deliberate malice, they pose a significant risk to the environment where the agent operates.
- External report
- View on VirusTotal