ClawHub

Foxit Cloud API

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Foxit Cloud API connector, but users should treat uploaded documents as being processed by Foxit/OOMOL cloud services.

Install only if you intend to use Foxit Cloud API through OOMOL. Before running upload, conversion, OCR, comparison, extraction, or PDF editing actions, confirm that the documents may be shared with Foxit/OOMOL cloud services and review the exact payload for write, remove, or page-deletion operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill declares it should be used for ANY Foxit Cloud API request and whenever a task involves Foxit Cloud API, which is an overly broad trigger that can cause the agent to route all related tasks through this skill without narrowing by action sensitivity. In this context the skill exposes both read-only and state-changing/destructive operations, so broad auto-selection increases the chance of unintended uploads, modifications, password removal, or deletions being performed via the connector.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to submit documents for cloud conversion but does not disclose that the full file contents will be transmitted to Foxit Cloud, which can expose sensitive or regulated data to a third-party service. In a document-processing context, this omission is material because users may reasonably assume a local or opaque connector operation rather than external cloud handling.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to send a PDF or image document to Foxit Cloud for OCR but does not disclose that document contents will be transmitted to an external third-party service. This creates a privacy and data-handling risk because users or downstream agents may upload sensitive documents without informed consent or policy checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal