Pdf Cn

Security checks across malware telemetry and agentic risk

Overview

This PDF skill provides ordinary document processing utilities, with some sensitive password-protected PDF examples that users should handle only with authorization.

Install only if you are comfortable letting the agent run local PDF tools on files you choose. Use copies for important documents, review output paths to avoid overwrites, and only decrypt or process password-protected PDFs when you have permission to access them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The reference materially expands the skill’s effective capabilities beyond the declared scope by documenting PDF creation, rendering, OCR, optimization, repair, and encryption/decryption workflows. That mismatch can mislead downstream agents or users into performing higher-risk operations on sensitive documents without explicit authorization, guardrails, or policy framing.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The reference explicitly documents password removal/decryption, which can facilitate bypassing access controls on protected PDFs if an agent treats it as a normal supported action. Even if intended for legitimate owner use, presenting decryption as a generic capability without authorization checks or warnings increases the risk of misuse against confidential content.

Missing User Warnings

Medium
Confidence: 88%
Finding
Examples for decrypting or handling password-protected PDFs normalize processing protected content without any warning about consent, legal authority, data sensitivity, or audit requirements. In an agent skill context, such examples can cause automated systems to treat access-controlled files as routine inputs, increasing privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
