docs-pdf

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate PDF toolkit, but it needs review because it documents privileged setup, broad file-changing workflows, password removal, and a misleading form-flattening option.

Install only if you are comfortable with a powerful local PDF tool. Before using it:
  • Review all setup commands before running them.
  • Prefer a virtual environment or container.
  • Avoid sudo unless you intentionally approve system package changes.
  • Keep backups before batch operations.
  • Only decrypt documents you are authorized to access.
  • Do not rely on the included --flatten flag to make filled forms non-editable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises and documents file read, file write, and shell execution capabilities but does not declare permissions or scope boundaries. In an agent environment, this weakens reviewability and can lead to the skill being invoked with broader operational power than users or platform policy expect.

Context-Inappropriate Capability

Severity: Medium
Confidence: 80%
Finding: The skill instructs use of system package managers and npm, expanding execution beyond document handling into host modification. In a privileged or semi-automated agent setting, this can result in unreviewed software installation, dependency-chain exposure, and environment drift.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The script advertises `--flatten` as making the form non-editable, but the implementation explicitly does not perform flattening and still writes an editable PDF. This can mislead users into believing sensitive or finalized form data has been locked when it has not, enabling downstream tampering or accidental modification of documents relied upon for business or compliance workflows.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The trigger condition is extremely broad, including essentially any mention of PDFs, which increases the chance of unintended invocation. In an agent system with file and shell capabilities, over-triggering can cause the wrong toolchain to activate on sensitive content or perform unnecessary file operations.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation includes PDF decryption/password removal commands without any authorization check or warning. Even if intended for legitimate recovery, presenting decryption as a routine operation can facilitate unauthorized access to protected documents and normalize bypass of access controls.

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Content:

| 🔧 Repair corrupted PDF | `scripts/repair_pdf.py` | `python scripts/repair_pdf.py broken.pdf -o fixed.pdf` |
| 🔤 List fonts | `scripts/list_fonts.py` | `python scripts/list_fonts.py input.pdf` |

> 💡 Run any script with `--help` to see all available options.

---

Confidence: 87%
Finding (matched text): Run any script

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Content:

| `scripts/repair_pdf.py` | Attempt to repair corrupted PDF files |
| `scripts/list_fonts.py` | List all fonts used in a PDF |

Run any script with `--help` to see its options.

---

Confidence: 87%
Finding (matched text): Run any script

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:

```bash
pip install pypdf pdfplumber reportlab pdf2image pytesseract Pillow --break-system-packages

# System tools
sudo apt-get install -y poppler-utils tesseract-ocr qpdf

# For Chinese OCR
sudo apt-get install -y tesseract-ocr-chi-sim tesseract-ocr-chi-tra
```

Confidence: 95%
Finding (matched text): sudo

Sudo/Root Execution

Severity: Medium
Category: Privilege Escalation
Content:

```bash
sudo apt-get install -y poppler-utils tesseract-ocr qpdf

# For Chinese OCR
sudo apt-get install -y tesseract-ocr-chi-sim tesseract-ocr-chi-tra

# Node.js (form filling)
npm install pdf-lib
```

Confidence: 95%
Finding (matched text): sudo

VirusTotal

66/66 vendors flagged this skill as clean.