ClawHub

PDF All-in-One

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF utility with ordinary PDF-processing risks, not evidence of hidden or malicious behavior.

Install only if you need broad local PDF tooling. Use it only on PDFs you own or are authorized to process, avoid putting real passwords directly in command lines, keep extracted text/form JSON/images in a controlled workspace, delete sensitive intermediates when finished, and make backups before repair or overwrite-style commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using triggers as broad as 'PDF' and 'pdf' is likely to activate the skill during ordinary conversation, causing unintended invocation of file-processing guidance. In an agent setting, overbroad triggers can route unrelated user requests into a skill that reads or writes files, increasing the chance of accidental data handling or unsafe tool use.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The reference explicitly includes commands to decrypt PDFs and remove password protection, but provides no warning that these operations should only be performed on documents the user is authorized to access. In a general-purpose PDF processing skill, this can normalize or facilitate bypassing document protections, especially if an agent surfaces these commands without policy checks or consent validation.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# Install system dependency (poppler)
# Ubuntu/Debian:
sudo apt-get install poppler-utils

# CentOS/RHEL:
sudo yum install poppler-utils
Confidence
93% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
sudo apt-get install poppler-utils

# CentOS/RHEL:
sudo yum install poppler-utils

# macOS:
brew install poppler
Confidence
93% confidence
Finding
sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal