pdf-compress-tool

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PDF compression skill, with the main caution that it can install the pikepdf Python package and write output PDFs during normal use.

Install this only if you are comfortable with a local PDF tool that may run pip to install pikepdf. For tighter control, preinstall dependencies in a virtual environment, use explicit output paths, and keep backups before compressing important PDFs or whole directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return pikepdf
    except ImportError:
        print("  pikepdf not installed, attempting to install...")
        subprocess.run(
            [sys.executable, "-m", "pip", "install", "pikepdf"],
            check=True, capture_output=True,
        )
Confidence
94% confidence
Finding
subprocess.run( [sys.executable, "-m", "pip", "install", "pikepdf"], check=True, capture_output=True, )

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill description presents a PDF compression utility, but the implementation also performs runtime software installation. That mismatch is security-relevant because users and orchestrators may grant the tool broader trust than intended, leading to unexpected network access and execution of downloaded code.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Runtime pip installation is not necessary to satisfy the narrow purpose of compressing an already-provided PDF and introduces avoidable supply-chain risk. In security-sensitive agent settings, unexpected package installation is materially dangerous because it can fetch and execute new code during task execution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation emphasizes direct compression and batch processing but does not warn that the tool writes modified files to disk, potentially overwriting outputs or causing bulk changes to user data. In a file-processing skill, lack of disclosure around write behavior increases the risk of unintended data loss or user surprise.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Auto-installing `pikepdf` via pip without explicit warning or consent violates least surprise and can execute unreviewed third-party code in the current environment. This is particularly risky for an agent skill, where operators may expect file transformation only, not package management or network retrieval.

VirusTotal

66/66 vendors flagged this skill as clean.
