ClawHub
Back to skill

Security audit

Work Productivity Nano Pdf Workflow Helper 002325

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only workflow helper with overbroad auto-activation wording but no executable code, credential use, persistence, or destructive behavior.

Install only if you want a general Nano Pdf workflow helper that may be auto-selected from broad PDF or editing language. For safer use, invoke it explicitly by name or narrow/disable implicit triggers before relying on it in mixed-task environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger sentence is written as a broad natural-language phrase that overlaps with ordinary user requests, which can cause the skill to activate when the user did not explicitly intend to invoke it. Unintended invocation can route sensitive or unrelated tasks through this skill’s workflow, reducing user control and potentially causing incorrect handling of documents or instructions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation guidance lacks clear boundaries, so the skill may be selected for vague terms like 'pdf', 'edit', or generic workflow help even when another tool or no skill would be more appropriate. In an agent ecosystem, ambiguous routing increases the chance of accidental execution, prompt confusion, and mishandling of user intent across unrelated productivity tasks.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to match common requests involving PDFs, editing, or generic workflow help, which can cause the skill to activate outside its intended scope. This increases the chance of unintended instruction injection into unrelated tasks, confusing routing, and unsafe or low-quality outputs because users may invoke the skill without explicitly seeking this specialized workflow.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger keyword list is excessively broad and includes generic terms such as 'nano', 'pdf', 'edit', 'natural', and 'language', which can cause the skill to activate in many unrelated conversations. Overbroad activation increases the chance of incorrect routing, unintended prompt injection surface expansion, and inappropriate use of this skill outside its intended domain.

Vague Triggers

High
Confidence
95% confidence
Finding
The description says to use the skill when a user asks for broad topics like 'pdf', 'edit', or any 'practical workflow, artifact, checklist, analysis, or implementation support', which is far too ambiguous for safe routing. This can cause the skill to be selected for common tasks unrelated to the validated requirement, increasing confusion, misapplication, and exposure to adversarial or irrelevant inputs.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example trigger phrases are generic templates like 'Help me' and 'I need a practical workflow' with only loose attachment to the requirement text, so they do not enforce meaningful scope boundaries. Such examples teach broad invocation behavior and can normalize accidental or excessive activation of the skill.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger keyword list is overly broad and includes generic terms such as 'nano', 'pdf', 'edit', 'natural', 'language', and 'instructions'. This can cause the skill to activate on unrelated conversations, creating unintended routing behavior and increasing the chance that users receive irrelevant or misleading workflow guidance.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description defines usage conditions broadly around user needs for practical workflows and related support, but does not clearly delimit what is in scope versus out of scope. Ambiguous activation criteria can lead to accidental invocation, skill shadowing, or inappropriate application in contexts where the user did not request this workflow.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger phrases rely on generic wording like 'help me' and 'I need a practical workflow', which does not establish a clear boundary between legitimate invocation and ordinary conversation. This weakens routing precision and makes false activations more likely, especially in systems that use example-driven matching.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The default prompt includes a very broad natural-language trigger phrase ('Use $work-productivity-nano-pdf-workflow-helper to help me ...') tied to generic productivity and workflow terms. Because implicit invocation is enabled, this increases the chance the skill is auto-selected during ordinary user requests unrelated to the intended task, causing unintended prompt injection surface expansion and unexpected behavior.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger sentence is built around a very broad natural-language phrase, making it easy for unrelated user requests containing common terms like 'practical workflow' or fragments of the requirement text to activate the skill unintentionally. Overbroad activation can cause prompt-routing confusion, inappropriate tool selection, and increase the attack surface for prompt injection through accidental invocation.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger scope is ambiguous because the listed trigger sentences and keywords do not clearly define when the skill should or should not activate. In an agent environment, ambiguous routing logic can cause the skill to intercept unrelated tasks, leading to incorrect behavior, context leakage across tasks, or abuse by attackers who deliberately phrase requests to force activation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal