ClawHub

PDF Math Translate

Security checks across malware telemetry and agentic risk

Overview

This is a user-directed PDF translation skill; the main risk is privacy when users choose online demos or third-party translation providers.

Use local or self-hosted translation for confidential, unpublished, regulated, or proprietary PDFs. If using online demos or providers such as OpenAI, DeepL, MiniMax, DeepSeek, GLM, or Hugging Face-hosted deployments, review their privacy and retention terms first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes online demos and multiple translation services for PDF processing but does not disclose that uploaded documents may be transmitted to third-party services. For a scientific PDF translation tool, users may upload unpublished papers, proprietary research, or sensitive documents, so the lack of a privacy warning can lead to unintended data exposure and poor informed consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly promotes online usage and integration with third-party translation providers for scientific PDFs, but it does not warn users that uploaded documents may contain unpublished research, personal data, confidential annotations, or sensitive figures. In this context, omission of a privacy/data-exposure warning can lead users to send sensitive content to external services without informed consent, increasing the risk of confidentiality loss and compliance violations.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal