Back to skill

Security audit

PDF to Structured Markdown Skill(ADP)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Laiye ADP cloud document-parsing skill, but it needs review because it can send documents to a third-party service and its documentation exposes broader CLI powers than Markdown conversion.

Install only if your organization permits sending the target documents to Laiye ADP's cloud service. Prefer npm or verified release binaries over the remote script installers, protect the ADP API key, and constrain agent use to parse commands unless you explicitly approve extraction, custom-app changes, deletion, batch folder processing, or billable credit usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README describes an underlying CLI with a much broader capability set than the skill's stated purpose of converting documents to structured Markdown, including extraction workflows, task querying, and application management. In an agent context, this scope mismatch is dangerous because it can cause a caller to grant trust or permissions to a tool whose real command surface supports additional data processing and operational actions outside the expected minimal function.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented command surface includes administrative and destructive operations such as custom app creation, update, delete, and version deletion, which are unrelated to a Markdown parsing skill. This materially increases risk because an agent or user selecting this skill for benign document conversion may unknowingly gain access to commands that modify remote resources or service configuration.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs users to execute remote bootstrap scripts directly from the internet via shell and PowerShell pipelines. That creates a supply-chain and arbitrary code execution risk unrelated to the narrow parsing task, because a compromised upstream repository, DNS, CDN, or network path could run attacker-controlled code on the user's machine.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README instructs users to execute remotely fetched shell and PowerShell installer scripts directly, without integrity verification, pinning, signature checks, or even a warning to inspect the script first. If the source repository, network path, or referenced script is compromised, this results in immediate arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to install via remote shell and PowerShell one-liners that fetch code from the internet and immediately execute it, without any warning or integrity-verification step. This is dangerous because a compromised upstream repository, tampered network path, or malicious script update would lead to arbitrary code execution on the user's machine during installation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill tells users to upload local documents, remote URLs, and Base64-encoded document contents to a third-party cloud service without clearly warning that document data leaves the local environment. This can expose confidential files, regulated records, credentials embedded in documents, or private URLs to an external processor without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes commands that fetch and immediately execute remote scripts, but gives no safety warning or verification step. This normalizes unsafe execution patterns and materially increases the chance of remote code execution if the fetched script is tampered with or replaced.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.