Security audit

PDF Extract & Analysis / PDF 提取分析

Security checks across malware telemetry and agentic risk

Overview

This skill mostly advertises PDF extraction but does not include real extraction functionality and steers users to external commercial links.

Review this before installing because it appears to be an informational or promotional stub, not a working PDF extraction skill. It does not show malicious file or credential behavior, but users expecting local PDF processing should not rely on it without verifying the external full version and sponsored links independently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill advertises PDF extraction and analysis capabilities, but the file contains no implementation for those functions and is largely a marketing stub pointing users to external paid services. This is dangerous because it creates deceptive functionality expectations and may drive users to trust or follow external links under the assumption they are part of a vetted skill workflow.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.