Security audit

pdf2zh-next Translation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PDF translation wrapper with normal privacy and supply-chain cautions around the external pdf2zh tool and chosen translation provider.

Before installing, make sure pdf2zh-next comes from a trusted source, review config.toml to confirm the active translation provider, and avoid translating confidential PDFs through remote providers unless sharing that document text is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly instructs the agent to invoke shell commands and manipulate environment variables, yet it declares no explicit permissions. This creates a capability/expectation mismatch that can bypass user or platform review controls, especially because the skill also discusses subprocess isolation and command execution as core behavior.

Context-Inappropriate Capability

Medium
Confidence
80% confidence
Finding
The skill authorizes reading an online documentation URL to resolve parameter usage, which introduces network access beyond the stated local wrapper purpose. Even if intended for usability, this expands the trust boundary: remote content can change, be unavailable, or be abused to influence agent behavior in ways not covered by the local skill definition.

VirusTotal

66/66 vendors flagged this skill as clean.