Duhui Document Conversion - Document to PDF

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it sends the selected document to Duhui/Alibaba-hosted services for conversion, so users should treat it as a third-party upload workflow.

Install only if you are comfortable sending the selected file to Duhui/Alibaba infrastructure. Keep DUHUI_ALI_APPCODE in a secure environment or secret store, do not paste it into chat, and avoid using this for confidential documents unless the vendor's retention and privacy terms meet your requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'pdf_url' from os.environ.get (line 493, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
) as temp_file:
            temp_path = Path(temp_file.name)
            try:
                with urllib.request.urlopen(
                    pdf_url,
                    timeout=DOWNLOAD_TIMEOUT_SECONDS,
                    context=VERIFIED_SSL_CONTEXT,
Confidence
97% confidence
Finding
with urllib.request.urlopen( pdf_url, timeout=DOWNLOAD_TIMEOUT_SECONDS, context=VERIFIED_SSL_CONTEXT, ) as r

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill is presented as document-to-PDF conversion, but its documented trigger scope also includes PDF compression and watermarking, which are different operations with different user expectations and data-handling implications. This can cause the agent to invoke the skill for requests outside its stated purpose, resulting in unintended file uploads or incorrect processing.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description includes broad generic trigger phrases such as document conversion, format conversion, and PDF conversion. Overbroad triggers increase the chance that unrelated requests will activate a skill that uploads local files to external services, creating unnecessary data exposure and user-surprise risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The 'When To Use' section repeats broad and ambiguous trigger examples, including high-frequency generic terms. In context, this is more dangerous because the skill uploads local documents to vendor-controlled storage and services, so accidental invocation can leak sensitive content externally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly sends user-provided local documents to OSS and then to an external conversion service, but the documentation does not warn about third-party data transfer, retention, or privacy implications. This is dangerous because users may unknowingly submit sensitive files to external infrastructure, creating confidentiality, compliance, and data-governance risk.

VirusTotal

63/63 vendors flagged this skill as clean.