ClawHub
Back to skill

Security audit

Pdf Vocab Audio

Security checks across malware telemetry and agentic risk

Overview

This skill coherently converts a user-provided or documented inbound PDF vocabulary list into an MP3, with no evidence of hidden persistence, credential access, destructive behavior, or deceptive exfiltration.

Install only if you are comfortable with a skill reading the selected PDF, invoking edge-tts and ffmpeg, and saving an MP3 under /tmp. Use an explicit PDF path when possible, avoid sensitive PDFs unless you accept the edge-tts data flow, and review the generated word list because full lines beginning with English may be spoken.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"-c", "copy",
            output_path
        ]
        result = subprocess.run(cmd, capture_output=True, timeout=60)
        return result.returncode == 0
    finally:
        if os.path.exists(list_file):
Confidence
82% confidence
Finding
result = subprocess.run(cmd, capture_output=True, timeout=60)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions while its documented behavior clearly reads PDFs, writes output files, and invokes shell-accessed tools like edge-tts and ffmpeg. This creates a transparency and consent gap: users and policy engines may treat the skill as lower risk than it really is, increasing the chance of unintended file access or command execution in a trusted workflow.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
When no argument is provided, the skill automatically scans and processes the newest PDF from /root/.openclaw/media/inbound. This broadens the data access scope beyond an explicitly provided file and may cause unintended processing of sensitive or unrelated documents present in that directory.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill extracts text from user PDFs and sends that text to edge-tts, which may rely on an external service, but the documentation does not warn users that document content could leave the local environment. If the PDF contains private vocabulary lists, names, student data, or proprietary material, this omission can lead to unintentional data exfiltration and compliance issues.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal