ClawHub

Remove password from PDF

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it sends a protected PDF, its password, and the unlocked result through a third-party service without enough disclosure about retention or access controls.

Install only if you are comfortable sending the PDF, its password, and the unlocked output through Cross-Service-Solutions. Avoid sensitive, regulated, or confidential documents unless you have separately approved that provider's privacy, retention, deletion, and access-control practices; a local offline PDF tool is safer for high-sensitivity files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly instructs users to upload both a password-protected PDF and its current password to a third-party remote API, but provides no warning about confidentiality, retention, or trust boundaries. This is dangerous because the document contents and the password are both disclosed to an external service, enabling unauthorized access, storage, reuse, or breach exposure of sensitive files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends both a protected PDF and its password to a third-party external service, but it does not prominently warn the user about the privacy and confidentiality implications of exfiltrating sensitive content and credentials off-platform. This is especially risky because password-protected PDFs often contain sensitive documents, and the password itself is disclosed to the external provider as part of the workflow.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script transmits both the protected PDF and its current password to a third-party remote API, but it does not present an explicit runtime consent or security warning before doing so. Because the uploaded content and password are highly sensitive, this creates a real risk of credential disclosure, document exfiltration, and loss of confidentiality if the service, endpoint, logs, or operators are untrusted or compromised.

External Transmission

Medium
Category
Data Exfiltration
Content
## How it works
1) Upload PDF + current password to:
   `POST https://api.xss-cross-service-solutions.com/solutions/solutions/api/33`
2) Poll:
   `GET  https://api.xss-cross-service-solutions.com/solutions/solutions/api/<job_id>`
3) Return `output.files[0].path` as the download URL
Confidence
95% confidence
Finding
https://api.xss-cross-service-solutions.com/

External Transmission

Medium
Category
Data Exfiltration
Content
1) Upload PDF + current password to:
   `POST https://api.xss-cross-service-solutions.com/solutions/solutions/api/33`
2) Poll:
   `GET  https://api.xss-cross-service-solutions.com/solutions/solutions/api/<job_id>`
3) Return `output.files[0].path` as the download URL

## Script (CLI)
Confidence
87% confidence
Finding
https://api.xss-cross-service-solutions.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal