ClawHub
Back to skill

Security audit

NotebookLM PDF Cleaner

Security checks across malware telemetry and agentic risk

Overview

This is a local, user-run PDF cleanup skill with disclosed document-editing options, though users should be careful because it can cover content and optionally remove PDF metadata or annotations.

Use this only for PDFs where masking the visible NotebookLM footer is appropriate. Avoid coordinate changes or metadata/annotation stripping if they would hide authorship, comments, links, review history, or other information recipients should see; check the output before sharing and be cautious with --force.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is described as narrowly scoped to masking a small NotebookLM footer badge, but the documented behavior exposes a more general-purpose PDF modification capability: it can operate on any PDF, accept arbitrary mask coordinates, inspect document structure, and optionally strip metadata and annotations. That mismatch is security-relevant because it can enable concealment or sanitization of document content beyond the declared use case, reducing transparency and making misuse easier.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is described as narrowly scoped to masking a small NotebookLM footer badge, but it also exposes options to strip document metadata and remove page annotations. Those capabilities materially broaden the tool from cosmetic cleanup into provenance and content-sanitization behavior, which can be abused to hide attribution, remove review comments, or discard embedded links/notes before sharing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.