Pdf Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only PDF helper with local file-processing examples, but users should notice that its optional EvoLink API section conflicts with later local-only security claims.

Use it for local PDF work, but keep sensitive documents local unless you intentionally enable EvoLink and accept sending document content or metadata to that third-party service. Prefer a virtual environment for the PDF packages, use explicit output filenames, and avoid overwriting originals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The README's Security section states the skill does not require API keys or make network requests, but earlier sections explicitly document optional EvoLink API credentials and external AI-powered analysis. This mismatch can mislead users and reviewers about data flow and trust boundaries, increasing the chance that sensitive PDF content is sent to a third-party service without informed consent.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented as a local PDF manipulation toolkit, but the documentation also introduces optional external AI-powered PDF analysis through EvoLink. That inconsistency expands the skill's effective capability from local file handling to third-party data transfer, which matters because PDFs often contain confidential business or personal information.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The security section materially misrepresents the skill's behavior and trust boundaries by claiming no API keys or network requests are required, while earlier sections explicitly promote optional EvoLink API usage and link to external services. This can mislead operators into approving or using the skill under false assumptions, increasing the chance that sensitive PDF content is sent to a third party or that credentials are introduced unexpectedly.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest advertises a local PDF toolkit, but the body expands scope to include AI-powered analysis via an external API. This scope mismatch is dangerous because users, policy engines, or reviewers may grant the skill access based on a narrower description than its actual documented capabilities.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Embedding an external AI API workflow inside a PDF manipulation skill introduces an unnecessary data egress path not inherent to the stated purpose. If an agent follows these instructions, PDF contents that may include sensitive documents, forms, or metadata could be transmitted off-host to a third-party provider without strong justification or clear user expectation.

Vague Triggers

Medium
Confidence: 77%
Finding
The README describes the skill in very broad terms such as helping with 'any PDF operation,' which can cause overbroad invocation on general PDF-related requests. In an agent setting, loose triggering can lead the skill to influence tasks outside its safest intended scope, including operations that overwrite files, process sensitive documents, or encourage use of command-line tools without sufficient safeguards.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill documents modification operations such as merge, split, create, modify, forms, and encryption, but it does not warn about overwriting files, irreversible changes, or the need to write outputs to new filenames. This omission increases the risk of accidental data loss or unintended alteration of user documents when the instructions are followed.

VirusTotal

65/65 vendors flagged this skill as clean.