PDF小册子合并排版

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it locally merges PDFs into booklet-ready output files, with no evidence of network access, credential use, persistence, or hidden behavior.

Install only if you need local PDF booklet merging. Run it in a normal project folder or virtual environment, install pypdf from a trusted package source, point --input-dir only at PDFs you intend to process, and choose output paths carefully because existing output files can be overwritten.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: This code performs file writes that create or overwrite output PDFs, but the actual write path has no inline disclosure such as a confirmation prompt, comment, or log before the operation happens. Although the CLI description implies output generation, the safety-relevant write action itself is silent until after completion.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal