Generate Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward third-party HTML or URL to PNG API wrapper, with privacy considerations but no hidden or destructive behavior found.

Install only if you are comfortable sending the HTML, CSS, URLs, rendering parameters, and pdfapihub.com API key needed for each request to that third-party service. Avoid private/internal URLs, secrets, session-bearing links, proprietary HTML, or personal data unless that processing and the documented 30-day hosted-file retention are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to send a third-party API key and potentially arbitrary HTML or URLs to an external service without clearly warning that data and credentials leave the local environment. This creates a real transparency and privacy risk because users may unknowingly transmit sensitive content, internal URLs, or regulated data to pdfapihub.com.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal