PDF-API.io

Security checks across malware telemetry and agentic risk

Overview

This PDF-API.io connector is coherent and disclosed, though users should note that it can render PDFs, not just read templates.

Install this if you want Codex to operate PDF-API.io through OOMOL. Review render_pdf requests carefully because they can generate hosted PDFs and may consume service credits; make sure the JSON payload and template ID are what you intended before allowing a render.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding: The manifest claims the skill is for 'searching and reading data,' but the documented actions include `render_pdf`, which generates new output and may consume credits or trigger side effects. This mismatch can mislead an agent or user into treating the skill as read-only and invoking it without the additional confirmation normally required for non-read operations.

Intent-Code Divergence

Severity: Low
Confidence: 80%
Finding: The safety section correctly distinguishes read actions from state-changing actions, but the top-level manifest still broadly frames the skill as only for searching/reading. That inconsistency can cause downstream policy engines or users to rely on the safer description and miss that the skill can perform non-read work such as rendering PDFs.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding: The skill metadata says it should be used for 'searching and reading data,' but this action enables document generation by rendering templates with arbitrary JSON input. That scope mismatch can mislead downstream agents or reviewers into granting broader capabilities than intended, creating an integrity and policy-bypass risk even if the action is not inherently malicious.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The instruction to use this skill for ANY PDF-API.io request is overly broad and encourages automatic routing of all related tasks through one connector without narrowing scope by action risk. In context, this increases the chance that higher-risk operations are invoked simply because the request mentions PDF-API.io, even when additional validation or explicit user approval is needed.

VirusTotal

64/64 vendors flagged this skill as clean.