Pdf Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking local PDF toolkit, but several scripts can turn crafted filenames or options into shell command execution on the user's machine.

Review before installing. Use only trusted documents and simple, trusted filenames, or run it in a sandbox, because crafted paths or page-range inputs could execute unintended local commands. Avoid globally relaxing ImageMagick PDF policy unless you understand the system-wide risk, and avoid putting sensitive PDF passwords directly on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
This script builds a shell command string and passes it to execSync, which invokes a shell. Although the input and output paths are quoted and path.resolve is used, shell-based execution remains risky because argument construction is manual and can behave unexpectedly with crafted filenames, shell metacharacters, or platform-specific quoting rules; it also expands the trust boundary to an external binary on PATH.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script builds shell command strings from user-controlled file paths and passes them to execSync, which invokes a shell. Although the paths are wrapped in double quotes, shell metacharacters such as embedded double quotes or command substitutions can still break out of quoting and enable command injection, leading to arbitrary local command execution with the privileges of the process.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The script builds a shell command string and passes it to execSync with user-influenced values such as outputDir and dpi. Although inputPath is quoted, outputPath and dpi are not safely validated or passed as structured arguments, so a crafted output directory or option value could trigger command injection and arbitrary local command execution.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill documents PDF text extraction and password-based encryption/decryption without warning users that these actions can expose sensitive document contents and secrets in local files, shell history, logs, or process listings. In a document-processing tool, this increases the chance of inadvertent data leakage or unsafe password handling even if the tool is intended for legitimate local use.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instructions tell users to relax ImageMagick's PDF security policy but do not explain that the policy exists to reduce risk from dangerous or malformed PDF processing paths. Lowering that protection can broaden the attack surface for malicious PDFs and may expose the local system to vulnerabilities in Ghostscript/ImageMagick toolchains.

VirusTotal

64/64 vendors flagged this skill as clean.
