Back to skill

Security audit

Cn Pdf Editor

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF editor, but its web server is exposed to the network without authentication despite being described as localhost/private.

Install only if you are comfortable running an unauthenticated PDF editor service. Prefer editing the script to bind to 127.0.0.1 before use, run it only on trusted networks, close it when finished, and avoid opening highly sensitive PDFs until the network exposure is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The server binds to 0.0.0.0, exposing a local PDF editing service to every reachable network interface rather than only the local machine. Because the API has no authentication and allows file upload, document modification, deletion, and download, any host that can reach the port may control the editor and access document contents.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The header comments tell users to open localhost, implying the service is only locally accessible, but the actual bind address exposes it on all interfaces. This mismatch increases risk because users may assume the tool is private and unknowingly leave a sensitive document-editing API reachable by other machines on the network.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The UI explicitly claims '纯本地处理,隐私安全' ('pure local processing, privacy-safe'), but the page immediately uploads the selected PDF and subsequent edit operations to backend endpoints such as /api/open, /api/edit-text-at-rect, and /api/download. This is a security-relevant deception issue because users may upload sensitive documents under false privacy assumptions, causing unintended disclosure to the server or any systems behind it.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.