PDFlux-PDF2Markdown

Security checks across malware telemetry and agentic risk

Overview

This skill openly sends a user-selected document to a PaodingAI SaaS API for Markdown conversion, which matches its stated purpose but should only be used for documents you are comfortable uploading.

Install only if you intend to use PaodingAI/PDFlux as a third-party document conversion service. Do not run it on confidential, regulated, or customer documents unless your API account, data-handling terms, and user consent allow uploading those files. Confirm the exact input file before use, and avoid enabling image/base64 output unless needed.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The default prompt instructs the agent to always execute a bundled script that uploads a local document to an external SaaS API using an API key. This creates a real data exfiltration boundary: routine document tasks could send sensitive local files off-platform without an explicit per-request consent or scope check. In a document-conversion skill, this is more dangerous because the likely inputs are user documents, which often contain confidential or regulated data.

Vague Triggers

Medium
Confidence: 84%
Finding
The manifest uses broad behavior that can activate on many generic document-related tasks, while also mandating execution of the upload script. That combination increases the chance the skill is invoked in situations where the user did not intend third-party processing, causing unnecessary exposure of document contents to the external API. Because this skill targets common file-analysis workflows, the broad scope makes accidental data disclosure materially more likely.

VirusTotal

64/64 vendors flagged this skill as clean.
