PDF万能大师

Security checks across malware telemetry and agentic risk

Overview

This PDF skill is mostly coherent, but it asks users to process highly sensitive documents and use a team password vault without enough safeguards or scope limits.

Review this skill carefully before installing. It may be useful for enterprise PDF workflows, but do not route passwords, identity documents, bank statements, medical files, contracts, tax records, or signatures through it unless your organization has approved the data handling model, access controls, retention/deletion policy, and audit requirements. The password-vault feature should be disabled or replaced with a dedicated secrets manager unless it can be shown that plaintext secrets never reach the agent's context (prompts, tool arguments, tool results) or the chat history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly supports extraction of highly sensitive identity, financial, and medical records such as IDs, passports, bank statements, and medical charts, but it does not provide user-facing data handling warnings, consent requirements, retention limits, or access restrictions. In a chat-based agent context, this increases the risk of over-collection, improper disclosure, and compliance violations because users may submit regulated personal data without clear safeguards.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The team password vault feature normalizes storing and retrieving shared credentials through the agent, yet it lacks explicit warnings about secrets handling, scope restrictions, approval requirements, or the risks of one-click decryption. This is especially dangerous because agents and chat systems can expose credentials through logs, prompts, exports, or misuse by unauthorized team members.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The skill promotes a workflow where users store shared passwords and invoke one-click decryption through the agent, which encourages centralized collection and reuse of credentials in an LLM-mediated environment. This materially increases the chance of credential theft, privilege escalation, accidental disclosure in conversation history, and unsafe secret-sharing practices across a team.
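The two vault findings above come down to one design question: does the plaintext secret ever enter the agent's context? The following is an added example, not code from the skill or from SkillSpector, of the pattern a dedicated secrets manager integration would follow: the agent only handles opaque `secret://` handles, a tool wrapper resolves them at call time, every tool result is scrubbed for leaked plaintext before it returns to the model, and a transcript check reports any secret that still made it into the chat history. The broker, the `unlock_pdf` stand-in (constructed to echo the password in its output, the kind of chatty tool that leaks into logs), and the sample transcript are all assumptions made for the demonstration.

```python
"""Secret handles instead of plaintext in an LLM-mediated workflow (added example)."""
import secrets
from typing import Callable, Dict, List

HANDLE_PREFIX = "secret://"


class SecretBroker:
    """Keeps plaintext out of the agent's context; the agent sees only handles."""

    def __init__(self) -> None:
        self._store: Dict[str, str] = {}  # handle -> plaintext

    def register(self, name: str, plaintext: str) -> str:
        """Store a secret and return the opaque handle the agent may see."""
        handle = f"{HANDLE_PREFIX}{name}/{secrets.token_hex(8)}"
        self._store[handle] = plaintext
        return handle

    def resolve(self, handle: str) -> str:
        """Called only by the tool wrapper, never by the model."""
        return self._store[handle]

    @staticmethod
    def _name(handle: str) -> str:
        return handle[len(HANDLE_PREFIX):].split("/")[0]

    def redact(self, text: str) -> str:
        """Replace any registered plaintext found in text with its handle name."""
        for handle, value in self._store.items():
            if value and value in text:
                text = text.replace(value, f"[REDACTED {self._name(handle)}]")
        return text

    def leaked_into(self, transcript: str) -> List[str]:
        """Names of secrets whose plaintext appears in a transcript or log export."""
        return [self._name(h) for h, v in self._store.items() if v and v in transcript]


def run_tool(broker: SecretBroker, tool: Callable[..., str], **kwargs: object) -> str:
    """Resolve handles for the tool call, then scrub plaintext from its result."""
    resolved = {
        k: broker.resolve(v) if isinstance(v, str) and v.startswith(HANDLE_PREFIX) else v
        for k, v in kwargs.items()
    }
    return broker.redact(tool(**resolved))


# Constructed stand-in for a PDF-unlock tool (hypothetical, not the skill's code).
# It echoes the password in its result, which is exactly what ends up in logs.
def unlock_pdf(path: str, password: str) -> str:
    return f"unlocked {path} (password {password!r} accepted)"


def demo() -> Dict[str, object]:
    broker = SecretBroker()
    handle = broker.register("team-pdf-key", "Hunter2!pdf")
    output = run_tool(broker, unlock_pdf, path="contract.pdf", password=handle)
    # Constructed transcript: a user pastes the vault entry straight into chat.
    transcript = f"user: the vault password is Hunter2!pdf\nassistant: {output}"
    return {"handle": handle, "output": output, "leaks": broker.leaked_into(transcript)}


if __name__ == "__main__":
    result = demo()
    print(result["output"])          # plaintext replaced by [REDACTED team-pdf-key]
    print("leaked:", result["leaks"])  # the user-pasted copy is still in the transcript
```

The `leaked_into` check is the acceptance test the overview asks for: run the workflow end to end, export the transcript and tool logs, and assert the list is empty. Note that redaction on the tool side cannot undo a user pasting the secret into the chat, which is why the transcript check reports it.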

Ssd 3

Severity: Medium
Confidence: 92%
Finding
The OCR template features encourage automated extraction of sensitive personal, financial, and health data fields at scale, including identity documents, bank statements, and medical records. Without clear minimization, consent, retention, and access-control safeguards, this can enable unnecessary bulk collection of regulated data and amplify harm from misconfiguration or unauthorized access.
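The minimization safeguard this finding asks for can be enforced at the template layer rather than left to the user. The following is an added example, not code from the skill, of an extraction policy that allowlists the fields a workflow may keep per document type, masks identifiers to their last four characters, drops everything else before it reaches the model or storage, and refuses document types with no policy instead of extracting every field. The policy table, field names and the sample OCR output are constructed for the demonstration.

```python
"""Field minimization for OCR extraction templates (added example)."""
import re
from typing import Dict, List

# Constructed policy (hypothetical): per document type, which fields may be
# kept verbatim, which are masked, and, implicitly, that anything else is dropped.
POLICY: Dict[str, Dict[str, str]] = {
    "bank_statement": {
        "account_holder": "keep",
        "statement_period": "keep",
        "closing_balance": "keep",
        "account_number": "mask",
    },
    "passport": {
        "surname": "keep",
        "expiry_date": "keep",
        "document_number": "mask",
    },
}


def mask_identifier(value: str, visible: int = 4) -> str:
    """Keep only the trailing `visible` characters of an identifier."""
    compact = re.sub(r"\s+", "", value)
    if len(compact) <= visible:
        return "*" * len(compact)
    return "*" * (len(compact) - visible) + compact[-visible:]


def minimize(doc_type: str, extracted: Dict[str, str]) -> Dict[str, object]:
    """Apply the policy to raw OCR fields; unknown document types are refused."""
    rules = POLICY.get(doc_type)
    if rules is None:
        raise ValueError(f"no extraction policy for {doc_type!r}; refusing to extract")
    kept: Dict[str, str] = {}
    dropped: List[str] = []
    for field_name, value in extracted.items():
        action = rules.get(field_name)
        if action == "keep":
            kept[field_name] = value
        elif action == "mask":
            kept[field_name] = mask_identifier(value)
        else:
            dropped.append(field_name)  # audit trail of what was withheld
    return {"fields": kept, "dropped": sorted(dropped)}


# Constructed OCR output: what an unconstrained template would hand back whole.
SAMPLE_STATEMENT = {
    "account_holder": "A. Example",
    "account_number": "GB29 NWBK 6016 1331 9268 19",
    "statement_period": "2024-01",
    "closing_balance": "1234.56",
    "date_of_birth": "1980-01-01",
    "home_address": "1 Example Street",
    "national_insurance_number": "QQ123456C",
}


def demo() -> Dict[str, object]:
    return minimize("bank_statement", SAMPLE_STATEMENT)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` keeps four fields, masks the account number to its last four characters and reports `date_of_birth`, `home_address` and `national_insurance_number` as dropped; calling `minimize("medical_chart", ...)` raises because no policy exists for it, which is the safe default for a template that would otherwise pull every field off a chart.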

VirusTotal

VirusTotal findings are pending for this skill version.