ClawHub

Pdf Intelligence Suite

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local PDF-processing skill with user-directed file operations and no evidence of hidden data collection or unsafe automatic behavior.

Install only if you need local PDF/OCR automation and are comfortable with its Python and Tesseract dependencies. Work on copies when deleting pages, decrypting, watermarking, or converting sensitive PDFs, and avoid feeding very large or untrusted PDFs without size/page limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The skill advertises destructive and security-sensitive operations such as deleting pages, decrypting files, modifying metadata, and applying signatures or watermarks without any cautionary guidance. In a document-processing context, this can lead users or agents to alter sensitive PDFs irreversibly, weaken document protections, or mishandle regulated documents without understanding the risk.

Unbounded Output

Medium
Category
Output Handling
Content
# 调整列宽
                    for col in ws.columns:
                        max_length = 0
                        column = col[0].column_letter
                        for cell in col:
                            try:
Confidence
88% confidence
Finding
max_length = 0

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal