pdf2img
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate ClawHub/Convex operations skill bundle, though some workflows can run powerful local or staff actions when intentionally invoked.
Install only if you trust this publisher to guide ClawHub and Convex operations. Pay special attention before using staff moderation commands, PR publishing, Convex deploy/migration commands, or the autoreview helper's default full-access nested review mode; use dry runs, confirmations, and opt-out flags where appropriate.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
50/50 vendors flagged this skill as clean.