Back to skill

Security audit

PDF to Structured JSON(ADP)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud document-parsing helper, but users should be careful with sensitive documents, API keys, and optional remote installer commands.

Prefer the npm install or verified release binaries instead of piping remote scripts directly into a shell. Treat parse and extract commands as sending the selected documents or URLs to Laiye ADP cloud services, and do not process contracts, IDs, invoices, secrets, regulated records, or customer data unless you are authorized. Protect the ADP API key, prefer environment variables or the documented encrypted config storage, and monitor credit usage because the service is usage-billed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill includes installation methods that fetch and immediately execute remote shell and PowerShell scripts (`curl ... | bash`, `irm ... | iex`). This exceeds the core parsing function of the skill and creates a direct arbitrary-code-execution path if the remote source, network path, or hosting account is compromised. In a skill context, users may treat these commands as trusted setup steps, which increases the likelihood of unsafe execution.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to install via remote shell and PowerShell scripts fetched over the network and executed immediately, without any integrity verification, pinning, or safety warning. This creates a supply-chain execution risk: if the remote script, hosting account, network path, or referenced branch is compromised, users could run arbitrary code on their systems.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README recommends executing remotely fetched shell and PowerShell installers directly via a pipe to the interpreter, without any integrity verification, pinning, or warning about the risks. If the GitHub account, repository, branch, network path, or hosted script is ever compromised, users and agent systems could immediately run attacker-controlled code on their machines.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to send local files, remote URLs, and Base64-encoded documents to an external cloud service, but it does not give a prominent user-facing warning that document contents leave the local environment. This is risky because parsed documents may contain sensitive business, personal, financial, or identity data, and users may not appreciate the privacy, compliance, and data residency implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installation section tells users to execute remote scripts directly in a shell and PowerShell without any warning about reviewing code, validating source integrity, or preferring safer installation methods. This creates a classic supply-chain and remote-code-execution risk, especially in documentation that may be copied verbatim by users or agents.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.