nano-banana-pdf-edit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PDF-editing skill, but users should understand that it sends PDF page content to Google Gemini and relies on external CLI dependencies.

Install only if you are comfortable using nano-pdf and Google Gemini for the PDFs you edit. Avoid confidential, regulated, or customer documents unless your policy allows third-party AI processing; keep backups of originals; review the file path, page numbers, output path, and context flags before running; and use a dedicated Gemini API key with spending limits where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The README states that the skill 'triggers automatically' for a wide range of natural-language requests, which creates a real risk of unintended invocation on PDFs the user did not explicitly intend to send through this workflow. In this skill's context, accidental triggering is more dangerous because the operation can modify user documents and send rendered page images/content to an external AI service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explains that page images, style references, and context are sent to Gemini, but it does not prominently warn users that document content may leave the local environment and be processed by a third party. In a PDF-editing skill, documents often contain sensitive business, legal, or personal data, so missing disclosure materially increases privacy and data-handling risk.

Vague Triggers

Medium
Confidence: 85%
Finding
The skill advertises very broad trigger phrases like 'edit my pdf', 'update my slides', and even generic requests such as changing a title on a page. This can cause the skill to activate for common document-editing requests and route sensitive PDFs into an AI-powered workflow that sends page images and possibly full document text to an external service, increasing the chance of unintended data exposure or misuse.

Missing User Warnings

High
Confidence: 96%
Finding
The document states that nano-pdf sends PDF pages to Google's Gemini 3 Pro Image and may use full PDF text as context, but the user-facing workflow and prerequisites do not clearly foreground this as a data-sharing/privacy disclosure. A user could unknowingly submit confidential slides, reports, or regulated data to a third-party cloud model, especially since '--use-context' can include the full PDF text.

VirusTotal

64/64 vendors flagged this skill as clean.
