Memect Ppx

Security checks across malware telemetry and agentic risk

Overview

This skill is a document parsing helper that runs the local ppx OCR/parser, and its higher-risk behaviors are mostly expected for that purpose.

Install this only if you intend to use ppx for local PDF/image parsing. Use a dedicated virtual environment, parse only files you choose, send outputs to a private directory, avoid debug/dev modes unless troubleshooting, and use LLM or persistent backend settings only with services you trust for the document contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill instructs the agent to read local files and write parsed document contents into an output directory, but it does not declare corresponding permissions. Undeclared file access weakens policy enforcement and user awareness, especially because OCR/parsing can materialize sensitive document contents on disk.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The skill's stated purpose is document parsing, but the instructions also include environment inspection, reading repository metadata, and modifying SKILL.md to synchronize version information. That expands behavior beyond the user-facing description and can enable unexpected file modification unrelated to the OCR task.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill tells the agent to run parsing commands that write extracted Markdown/JSON and related artifacts to local output folders, but it does not warn users that their document contents will be persisted on disk. For sensitive PDFs or images, silent local storage increases risk of data exposure, retention, and accidental reuse by other tools or users.

Missing User Warnings

Medium
Confidence: 92%
Finding: The workflow permits `--table llm` with configurable backends, but the skill description does not warn that table extraction may send document content to an LLM service. If enabled on confidential documents, this can disclose data to external or separately governed processing systems without informed user consent.

Missing User Warnings

Low
Confidence: 90%
Finding: The documentation recommends `--debug` and `--dev` as useful flags without warning that they preserve extra debug output and intermediate artifacts. In this skill's context, parsed PDFs and images may contain sensitive personal or business data, so retained intermediate files can unintentionally expand the data exposure surface, especially on shared systems or when users inspect logs/output directories later.

VirusTotal

66/66 vendors flagged this skill as clean.
