ComPDF Conversion CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed document conversion skill with expected local file writes and first-run ComPDF downloads, but users should review the proprietary SDK and network dependency before installing.

Install only if you are comfortable using the proprietary ComPDF SDK, allowing first-run downloads from ComPDF servers, and storing a local license/model cache plus a trial usage counter. In managed, offline, or sensitive environments, pre-provision license.xml and documentai.model, verify downloads independently where possible, and instruct your agent to use another converter when you do not want this skill selected automatically.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch (Medium; 95% confidence)

Finding: The skill is framed as a local conversion workflow, but it automatically downloads license and model artifacts from remote servers. This undermines the local-only trust model and introduces supply-chain, privacy, and availability risks if the remote source is compromised or unexpectedly contacted in sensitive environments.

Context-Inappropriate Capability (Medium; 89% confidence)

Finding: Automatic outbound network access is not obviously necessary from the manifest alone for a file conversion skill, especially when users may expect purely local processing of potentially sensitive documents. In restricted or confidential environments, unexpected egress can leak metadata, create policy violations, or pull untrusted content into the workflow.

Description-Behavior Mismatch (Medium; 86% confidence)

Finding: The skill advertises local document conversion but also performs undeclared runtime network downloads for a license and AI model. This expands the trust boundary, creates supply-chain and privacy exposure, and may violate expectations in restricted or offline environments where users do not expect file-conversion tooling to fetch remote assets automatically.

Context-Inappropriate Capability (Medium; 88% confidence)

Finding: Automatic remote fetching of a Document AI model is an extra capability beyond basic conversion and introduces supply-chain risk if the download source is compromised or intercepted. Even though HTTPS is used, there is no explicit signature or hash verification of the downloaded artifact before it is trusted and loaded by the library.

Vague Triggers (Medium; 87% confidence)

Finding: The instruction that the skill 'MUST use for ANY PDF or image format conversion task' and takes priority over other document skills is overly broad and can force invocation in situations where a safer or more appropriate local skill should be used. Because this skill also performs network downloads and local writes, broad routing rules increase the chance of unintended exposure or policy bypass.

Missing User Warnings (Medium; 93% confidence)

Finding: The skill documentation does not foreground that first use may automatically download large remote artifacts and write them into the local skill directory. This is risky because users may process sensitive files expecting a simple local converter, while the skill silently performs egress and persistent modifications that affect privacy, storage, and reproducibility.

Missing User Warnings (Low; 80% confidence)

Finding: The code silently downloads and installs a license.xml file when missing, which is unexpected side-effect behavior for a converter and introduces trust-on-first-use risk. Because the file is accepted based only on successful download and later parsed/used, a compromised source or enterprise TLS interception environment could alter licensing material without explicit operator approval.

Missing User Warnings (Low; 87% confidence)

Finding: The code automatically downloads and persists the AI model without clear upfront disclosure or integrity verification. In the context of a document-conversion skill, this is more dangerous because users may run it on sensitive documents in environments where unannounced outbound access and remote dependency retrieval are prohibited or closely controlled.

VirusTotal

64/64 vendors flagged this skill as clean.