Back to skill

Security audit

universal-pdf-vision-parser

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like its description: it converts selected PDF pages into images, sends them to Qwen/DashScope for transcription, and saves Markdown output.

Install only if you are comfortable sending the processed PDF pages to Alibaba Cloud DashScope/Qwen for analysis. Avoid sensitive, regulated, or confidential documents unless that provider use is acceptable, use DASHSCOPE_API_KEY instead of passing the key on the command line, and consider installing dependencies in an isolated Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs users to run a Python script that consumes an API key and writes parsed output to disk, but the manifest does not declare corresponding permissions or capabilities. This creates a transparency and policy-enforcement gap: agents or reviewers may treat the skill as low-risk while it actually accesses secrets from the environment/CLI and performs file writes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script renders PDF pages to images and sends them to the external DashScope/Qwen-VL-Max API, but provides no explicit user-facing consent notice, privacy warning, or data-classification guardrail. Because PDFs may contain sensitive personal, financial, legal, or proprietary information, this can lead to unintended disclosure to a third-party service, and the skill context makes this more dangerous because users may assume a local parser rather than full page-image exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.