Md2pdf WeasyPrint

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform Markdown-to-PDF conversion, but it may automatically install Python packages and system fonts on the host without a clear opt-in step.

Install only if you are comfortable with the skill downloading and installing Python packages and system fonts on the machine where it runs. Prefer running it in a virtual environment or container, review the exact pip and yum commands first, and avoid running it with elevated privileges unless you intentionally want those system changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims to convert Markdown to PDF, but the documented behavior also includes installing Python packages and system fonts via pip and yum. This expands the trust boundary from document conversion to system modification and package management, which can change the host environment, require elevated privileges, and introduce supply-chain risk if users run it without realizing those side effects.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script performs unattended system package installation with `yum` to add fonts, which exceeds the expected scope of a Markdown-to-PDF conversion helper. In an agent or automation context, this modifies the host system, may require elevated privileges, and can be abused to trigger unexpected system changes or fail in unsafe ways on production machines.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script installs Python packages at runtime via `pip` when imports fail, giving a document-conversion wrapper package-management capability it does not strictly need during normal execution. This increases supply-chain and environment-modification risk, especially when run in CI, on shared hosts, or with elevated privileges.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation mentions automatic installation, but it does not prominently warn that executing the skill may install software and fonts onto the system. Users may treat it as a simple file conversion utility and unknowingly permit persistent host modifications, package downloads, or privileged package-manager operations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script makes host-changing package and font installations without an upfront warning, confirmation prompt, or explicit opt-in. In skill/agent environments, users may expect a conversion utility to read input and write output, not alter system state, so this behavior is unexpectedly invasive and can cause unauthorized changes or operational issues.

VirusTotal

57/57 vendors flagged this skill as clean.