ClawHub

Web to PDF

Security checks across malware telemetry and agentic risk

Overview

This PDF conversion skill matches its purpose, but a crafted output filename could cause unintended shell command execution.

Review before installing. Use only with trusted or explicitly approved URLs, choose simple output filenames without shell metacharacters, and prefer a patched version that replaces shell-string execSync with execFileSync or spawn using an argument array.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README uses very broad trigger phrases such as 'Save this web page as PDF' and 'Export this presentation to PDF', which are common user requests and can cause the skill to be selected in situations the user may not realize will fetch and render a remote URL. In this skill's context, unintended invocation is more dangerous because the underlying behavior drives a headless browser against untrusted websites, increasing exposure to SSRF-like access, local-network probing, and execution of hostile page content within the browser sandbox.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The description explains PDF conversion but omits that the skill fetches and fully renders remote URLs in a headless browser, which is a security-relevant action rather than a simple file transformation. In this context, that omission increases risk because users or orchestrators may invoke the skill without understanding that arbitrary web content, including active JavaScript, will be loaded and interacted with automatically.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This is a real command-injection risk because the code builds a shell command string for execSync that includes user-controlled values, notably outputPath and a JSON-serialized pngPaths array. Although outputPath is wrapped in double quotes, shell substitution such as $(...) is still evaluated inside double quotes, and single-quoting JSON is also unsafe if any path contains a single quote. In this skill's context, converting arbitrary URLs to PDF already involves attacker-controlled content and filesystem interactions, which makes shell execution especially dangerous.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal