ClawHub

PDF Master Translator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PDF translation skill, but users should understand that document pages and formulas may be sent to external services.

Install only if you are allowed to send the selected PDF pages, diagrams, text context, and formulas to Gemini and math.vercel.app. Avoid using it on classified, export-controlled, confidential, or regulated documents unless those external services are approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (27)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code converts LaTeX into remote image URLs hosted at math.vercel.app, causing translated document formulas to be sent to and fetched from a third-party service. This creates an unnecessary external data flow for document-derived content and introduces privacy, availability, and integrity risk if the remote service logs requests, changes output, or becomes unavailable.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code converts LaTeX into image URLs hosted at math.vercel.app and embeds those remote URLs into HTML that is later rendered to PDF. This sends equation content from the source document to an unrelated third-party service and creates an undeclared external network dependency during document generation, which is especially risky given this skill is intended for engineering, scientific, and military-style PDFs.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code sends mathematical expressions extracted from the document to https://math.vercel.app for rendering, which is an unnecessary third-party data transfer for a PDF translation tool. Those formulas may contain proprietary, export-controlled, or otherwise sensitive technical content, and the transfer is not disclosed or bounded by consent.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code sends extracted math expressions from the source PDF to https://math.vercel.app by embedding the formula text in a remote image URL. This leaks potentially sensitive document content to an unrelated third-party service and also creates a dependency on external network fetches during PDF generation, which is risky for engineering, scientific, or military documents.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code sends mathematical expressions to an unrelated third-party service at math.vercel.app by embedding remote image URLs for every formula. In a PDF translation pipeline that may process sensitive engineering, scientific, or military documents, this creates an undisclosed data exfiltration path and a dependency on an external network service outside the primary AI provider.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The implementation contradicts the stated design by using remote IMG tags rather than local SVG generation. That mismatch is security-relevant because it can mislead operators into believing formulas are processed locally when they are actually disclosed to an external service.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code sends math expressions to an unrelated third-party rendering service via URL query parameters, which can disclose sensitive document contents outside the primary translation provider. In this skill's context, the documents may include engineering, scientific, or military material, so leaking formulas or technical notation to another external service materially increases data-exposure risk.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code renders a PDF page to an image and uploads that image to Google's GenAI service for translation. That is a real data egress path for potentially sensitive document contents, and the skill context explicitly targets engineering, scientific, and military-style PDFs, which increases the sensitivity of the transmitted data.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The code comments imply masking/redaction behavior, but the implementation uploads the full page image directly to the external model. In a PDF translation pipeline for engineering/scientific/military-style documents, this can expose sensitive diagrams, text, and markings that users may reasonably expect to be minimized or redacted before transmission.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code converts model-produced math expressions into remote image URLs at math.vercel.app, causing document-derived formula content to be sent to an unrelated third-party service during PDF rendering. This creates an undisclosed outbound data flow and dependency on an external service for sensitive technical document content.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The function uploads page or figure images to the Gemini API for annotation and translation, which means potentially sensitive PDF contents leave the local environment. For engineering, scientific, or military-style documents, this can expose proprietary or controlled information if users are not clearly warned and allowed to opt in.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown explicitly states that page text and LaTeX are sent to external services, but it does not provide a clear privacy warning or consent mechanism. In the context of engineering, scientific, or military PDFs, this is especially dangerous because sensitive or controlled technical data could be transmitted to third-party providers unintentionally.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill instructs users to export an API key and optional proxy settings without guidance on secure secret handling, scope limitation, or avoiding leakage in shell history and logs. While this is common operational guidance, omitting basic credential-safety practices can lead to accidental exposure of secrets or sensitive network configuration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script uploads page images from potentially sensitive PDFs to Google's generative AI service without any explicit disclosure, warning, consent flow, or classification checks. Given the skill is marketed for engineering, scientific, and military-style documents, this can expose confidential document contents, diagrams, and metadata to an external processor.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The functions upload page images and figures to external Gemini services for layout analysis, annotation extraction, and translation. Because the skill is designed for dense technical and potentially sensitive PDFs, this undisclosed transmission can expose proprietary, export-controlled, or otherwise confidential content to third-party providers.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script uploads page images and extracted document content to Gemini for layout analysis and translation without any visible user warning, consent flow, or data classification controls. In the context of engineering/scientific/military PDFs, this can expose sensitive document contents to a third-party AI provider unexpectedly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Math expressions are embedded as remote image URLs generated by math.vercel.app, causing document-derived content to be transmitted to another external service without disclosure. This creates an extra exfiltration path separate from Gemini and is especially risky for technical PDFs containing sensitive formulas.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script uploads full page images and later associated page text/context to a cloud AI provider without any user-facing disclosure, consent, minimization, or classification checks. In the stated skill context—complex engineering, scientific, or military PDFs—this can expose sensitive or controlled information to external services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The translator uploads page images and extracted document content to Google's generative AI service, which is a real data-sharing boundary. Given the skill is specifically marketed for engineering, scientific, and military-spec PDFs, the context makes this materially more dangerous because the content may be sensitive, export-controlled, or confidential.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Mathematical expressions are transmitted to a third-party rendering service without any user-facing disclosure. In this skill's context, formulas from technical PDFs may themselves be proprietary or sensitive, so even partial disclosure of equations can leak valuable information.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script uploads full page images and extracted regions to an external GenAI service without any user-facing warning, consent flow, or sensitivity checks. Given the stated use on engineering, scientific, and military-style PDFs, this can expose highly sensitive document content to third-party processing in a way users may not expect.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script uploads the rendered page image to an external AI provider without any in-band warning, consent prompt, or visible notice in the code path. For a tool handling potentially confidential PDFs, silent transmission to a third party creates privacy and compliance risk even if the transmission is functionally related to translation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This function uploads figure/page images to an external AI service without any user-facing disclosure or consent mechanism. Because the skill is designed for complex technical PDFs, the transmitted content may include proprietary, export-controlled, or otherwise sensitive visual information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The translation agent sends full page images plus prior-page text context to an external model, increasing the volume and semantic richness of leaked data. In the context of engineering/scientific/military PDFs, cross-page context can expose document continuity, identifiers, and sensitive technical details beyond a single page.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Formula text is embedded into a query string for a third-party math rendering service without any visible user warning or consent mechanism. Even if formulas are not always highly sensitive, in this skill's context they may contain proprietary technical or military-spec content.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal