Book-PDF: Book-Grade PDF Manual Generator

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent PDF book generator, but its helper scripts handle user-controlled titles and update messages unsafely enough that users should review it before running.

Install only if you are comfortable reviewing or patching the scripts first. Run it in an isolated project directory, avoid untrusted or punctuation-heavy titles and changelog messages, do not use slashes or '..' in titles, and expect npm/Chromium downloads plus possible Google Fonts network requests during rendering.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Low
Confidence: 93%
Finding
The stylesheet imports Google Fonts from an external URL, which causes network access during rendering and leaks metadata such as IP address, timing, and document-generation context to a third party. In a local PDF-generation skill, this is unnecessary supply-chain and privacy exposure, especially in offline, sensitive, or reproducible build environments.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrases are very broad, including generic requests like '做一本书' or '做个完整指南', which can cause the skill to activate in contexts where the user did not intend a shell-enabled, multi-step PDF-generation workflow. In an agent environment, unintended activation is dangerous because it may steer execution toward filesystem changes, shell commands, dependency installation, or PDF-building actions without a sufficiently specific user request.

VirusTotal

66/66 vendors flagged this skill as clean.
