ClawHub

pdf-processor

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent local PDF tool, but its encryption script exposes the PDF password in console output and the dependency setup has avoidable parser supply-chain risk.

Review before installing if you will process sensitive PDFs. Avoid using the encryption script as written until the password print is removed and prefer a hidden prompt or protected secret source instead of a positional CLI password. Pin and audit document/image parser dependencies before using this in shared, automated, or untrusted-file workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script prints the PDF encryption password to the console after completing encryption, which can leak the secret into terminal scrollback, shell history capture, CI/CD logs, or other monitoring systems. In a PDF-processing skill that may be used in shared or automated environments, exposing the password defeats the purpose of protecting the output file.

Missing User Warnings

Medium
Confidence
100% confidence
Finding
This line explicitly discloses the encryption password to stdout, creating a direct confidentiality leak. Because this skill supports batch and operational PDF handling, output may be collected into logs or viewed by other users, making the encrypted PDF easily decryptable by anyone who sees the console output.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 安装: pip install -r requirements.txt

# 核心 PDF 处理
pymupdf>=1.23.0
pdfplumber>=0.10.0

# Word/Excel 转换
Confidence
91% confidence
Finding
pymupdf>=1.23.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 核心 PDF 处理
pymupdf>=1.23.0
pdfplumber>=0.10.0

# Word/Excel 转换
python-docx>=1.1.0
Confidence
91% confidence
Finding
pdfplumber>=0.10.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pdfplumber>=0.10.0

# Word/Excel 转换
python-docx>=1.1.0
openpyxl>=3.1.0

# 图片处理
Confidence
95% confidence
Finding
python-docx>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Word/Excel 转换
python-docx>=1.1.0
openpyxl>=3.1.0

# 图片处理
Pillow>=10.0.0
Confidence
95% confidence
Finding
openpyxl>=3.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openpyxl>=3.1.0

# 图片处理
Pillow>=10.0.0

# 可选: OCR 支持
# pytesseract>=0.3.10
Confidence
96% confidence
Finding
Pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# tessdata>=4.1.0

# 测试
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
80% confidence
Finding
pytest>=7.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# 测试
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
79% confidence
Finding
pytest-cov>=4.1.0

Known Vulnerable Dependency: pymupdf — 1 advisory(ies): CVE-2026-3029 (PyMuPDF has a path traversal in _main_.py)

Low
Category
Supply Chain
Confidence
87% confidence
Finding
pymupdf

Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)

High
Category
Supply Chain
Confidence
98% confidence
Finding
python-docx

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
98% confidence
Finding
openpyxl

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
Pillow

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
72% confidence
Finding
pytest

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal