pdf

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PDF-processing skill that works locally, but it can create sensitive intermediate files while handling documents.

Install only if you are comfortable with local PDF tools creating derived files from your documents. Use it only on PDFs you are authorized to access, choose non-conflicting output paths, and delete intermediate images and JSON files when they contain personal, financial, medical, legal, or business information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 87%
Finding
The guide includes a qpdf example for decrypting password-protected PDFs without any caution about authorization, legal restrictions, or handling of sensitive content. In a PDF-processing skill, this can normalize bypassing protections and may lead users or agents to process confidential documents improperly, increasing the risk of unauthorized access or data exposure.

Missing User Warnings

Medium
Confidence: 91%
Finding
This is a real safety weakness: the skill instructs the agent to generate and overwrite local artifacts such as JSON metadata and filled PDFs without requiring explicit user confirmation, safe output locations, or non-destructive defaults. In a PDF-processing skill, these writes are expected for functionality, but the absence of guardrails can still lead to unintended modification of user documents, leakage into predictable paths, or cluttering sensitive derived data on disk.

Missing User Warnings

Medium
Confidence: 94%
Finding
This is also a true vulnerability: the non-fillable workflow directs creation of multiple derivative artifacts, including page images, validation images, fields.json, and a filled PDF, without warning the user that sensitive document contents will be copied into several new files. In context, this behavior is operationally relevant to form filling, but it increases exposure because personal or regulated PDF data may be replicated across disk locations and retained longer than intended.

VirusTotal

67/67 vendors flagged this skill as clean.
