pdf-translate-skill

Security checks across malware telemetry and agentic risk

Overview

The skill is intended for PDF translation, but it downloads and unpacks remote arXiv source archives and compiles TeX in ways that can modify local files.

Use this only in a dedicated working directory or sandbox, especially for arXiv sources or unfamiliar PDFs. Review downloaded TeX before compiling, avoid sensitive output folders, and treat generated intermediate files as copies of the source document that may contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:

        print(f"\nPass {pass_num}/{passes}...")

        try:
            process = subprocess.run(
                cmd_base,
                capture_output=True,
                text=True,

Confidence: 95%
Finding: process = subprocess.run( cmd_base, capture_output=True, text=True, cwd=tex_path.parent, timeout=300, # 5 m

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill instructs the agent to automatically download remote arXiv source files and generate/compile output files, but it does not require explicit user consent or a warning before performing network access and filesystem-modifying actions. In an agent setting, silent remote fetches and creation of TeX/PDF artifacts expand the trust boundary and can surprise users or violate expected sandboxing constraints.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The code extracts a tar.gz archive from a remote source directly into a user-chosen directory using tar.extractall(output_path) without validating member paths. A malicious archive could contain absolute paths or ../ traversal entries and overwrite files outside the intended directory, which is especially dangerous because the archive content comes from external network data.

VirusTotal

VirusTotal findings are pending for this skill version.