Security audit

文献精读小工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PDF-to-summary workflow; the main privacy consideration is that selected document content may be sent to the configured OCR or LLM services.

Before installing or running it, review config.json, supply API keys through environment variables where possible, keep use_paddleocr disabled unless you trust the OCR endpoint, choose only trusted LLM providers for sensitive papers, and pass specific PDF files or narrow folders rather than broad document directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill explicitly instructs the agent to use environment variables, read local files, write output files, invoke shell commands, and send data to OCR/LLM endpoints, yet no permissions are formally declared. This creates a trust and review gap: an agent or platform may execute broader capabilities than a user expects, including transmitting extracted paper content and secrets-derived API access to remote services.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: This script uploads local PDF contents to an external OCR service, polls remote job state, and downloads processed results. In the context of a skill whose description emphasizes reading local config/prompt files, this creates a real confidentiality and data-boundary risk: sensitive paper contents may be exfiltrated to third-party infrastructure, and operators may not expect network transfer of local documents.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script sends extracted paper text to an external OpenAI-compatible API via `client.chat.completions.create`, and the input text may contain unpublished research, proprietary data, or personal information. In this skill context that behavior is core functionality, but the lack of an explicit warning, consent check, or provider/data-handling validation makes unintended data exfiltration a real privacy and confidentiality risk.

VirusTotal

66/66 vendors reported this skill as clean; none flagged it.