CAD2PDF

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward CAD-to-PDF converter, with disclosed setup steps that install normal CAD/PDF conversion dependencies.

Install only if you are comfortable adding the listed Python packages, apt packages, and optional ODA File Converter .deb to your system. For higher assurance, verify the ODA download source, use a virtual environment for Python dependencies, and run the converter on CAD files you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill includes direct system modification steps, including downloading and installing external software and packages, without prominently warning that it changes the host environment. In an agent setting, this can lead users to approve or operators to permit dependency installation without understanding the trust and supply-chain implications of adding third-party binaries and system packages.

Sudo/Root Execution

Medium
Category: Privilege Escalation
Content:
pip install ezdxf matplotlib

# Chinese fonts (Ubuntu/Debian)
sudo apt-get install -y fonts-noto-cjk

# DWG support (optional)
wget "https://www.opendesign.com/guestfiles/get?filename=ODAFileConverter_QT6_lnxX64_8.3dll_27.1.deb" -O /tmp/ODAFileConverter.deb
Confidence: 86%
Finding: sudo

VirusTotal

61/61 vendors flagged this skill as clean.
