
Security audit

PDF to markdown converter

Security checks across malware telemetry and agentic risk

Overview

This PDF conversion skill is purpose-aligned, but its verdict is Review rather than a pass: its setup can modify multiple agent environments, and its handling of sensitive documents and API keys is not tightly scoped.

Install only if you trust the PDF2Markdown CLI/package and are comfortable sending selected documents or URLs to its service. Prefer manual, single-agent setup over all-agent installation, avoid unpinned npx for routine use, and use interactive login or a secret manager rather than pasting real API keys into shell commands or chat.

SkillSpector
By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 91%

Finding
The skill description contains broad trigger phrases like "convert this PDF," "parse this document," and "large file," which can match many ordinary user requests and cause the agent to invoke this skill too eagerly. Over-broad routing increases the chance of sending local files or user-supplied URLs to an external CLI/service without sufficiently verifying that this specific tool is the right or safest choice.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The installation guide encourages users to pass a live API key directly on the command line and set it in shell commands, which can leak secrets into shell history, process listings, terminal logs, CI logs, and screenshots. In a skill intended for agent setup and authentication, this is especially risky because users may copy-paste the examples verbatim and expose production credentials unintentionally.

VirusTotal

64/64 vendors reported this skill as clean.
