ClawHub

Change permissions of PDF

Security checks across malware telemetry and agentic risk

Overview

This skill uploads PDFs to a named third-party API to change permissions, which matches its stated purpose but requires care with sensitive documents.

Install only if you are comfortable sending the PDF and permission settings to api.xss-cross-service-solutions.com. Avoid using it for confidential, regulated, or customer documents unless that third-party service is approved for your data, and prefer a local PDF tool when external processing is not acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares only `http` and `files` tools, but the analysis indicates effective use of additional capabilities such as environment access and network use for API-key handling and outbound requests. This creates a transparency and least-privilege problem: reviewers and users may not understand the full data-access and transmission surface, especially since the skill processes user PDFs and credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly instructs users to upload a local PDF and bearer API key to a third-party remote service, but it does not clearly warn that document contents will leave the local environment and be processed externally. This creates a real data exposure risk for sensitive PDFs because users may treat the skill like a local file operation when it is actually a cloud transfer workflow.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill handles potentially sensitive PDF documents but does not present a prominent user-facing warning that the file will be uploaded to an external third-party service. This omission can cause inadvertent disclosure of confidential documents, especially in enterprise or regulated contexts where users may assume local-only processing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script uploads the full PDF contents to a third-party remote API, but the code does not provide an explicit user-facing warning at the point of execution that document contents will leave the local environment. In a document-processing skill, this behavior is functionally expected, but it is still a real data exposure risk because PDFs may contain sensitive or regulated information and users may not realize they are transmitting them externally.

External Transmission

Medium
Category
Data Exfiltration
Content
## How it works
1) Upload PDF + flags to:
   `POST https://api.xss-cross-service-solutions.com/solutions/solutions/api/75`
2) Poll:
   `GET  https://api.xss-cross-service-solutions.com/solutions/solutions/api/<job_id>`
3) Return `output.files[0].path` as download URL
Confidence
89% confidence
Finding
https://api.xss-cross-service-solutions.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## API endpoints
Base URL:
- `https://api.xss-cross-service-solutions.com/solutions/solutions`

Create permission-change job:
- `POST /api/75`
Confidence
93% confidence
Finding
https://api.xss-cross-service-solutions.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal