md-to-office

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Pandoc helper with broader examples than its Markdown-to-PDF description, but no hidden code, persistence, credentials, or automatic behavior.

Install Pandoc and any PDF engine from trusted sources, use this skill primarily for explicit local Markdown-to-PDF requests, and approve any remote URL or non-PDF conversion only when you intentionally want that broader Pandoc behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The skill manifest says the capability is limited to local Markdown-to-PDF conversion, but the documentation broadens behavior to general pandoc format conversion, templates, metadata, DOCX/HTML output, and URL-based inputs. This creates scope drift that can mislead an agent into performing unintended file transformations or handling untrusted remote content beyond the declared trust boundary.

Context-Inappropriate Capability

Medium (97% confidence)
Finding
The documentation explicitly instructs pandoc to fetch content directly from a URL, introducing network access into a skill described as local Markdown-to-PDF conversion. In an agent setting, this can enable unexpected outbound requests, retrieval of attacker-controlled content, and bypass of assumptions that the skill operates only on local files.

Missing User Warnings

Low (88% confidence)
Finding
Including a URL-fetching example without any warning normalizes external data retrieval and may cause an agent or operator to overlook that network access is occurring. Because the skill's stated purpose is local conversion, the undocumented network behavior increases the chance of unsafe use with untrusted remote content.

VirusTotal

66/66 vendors flagged this skill as clean.
