Yq Pdf Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can publish user-provided HTML or URLs to a long-lived hosted page without enough consent or scoping.

Install only if you are comfortable with HTML or URL content being deployed to a persistent hosted link. Do not use it for confidential documents, private URLs, internal pages, credentials, customer data, or drafts unless you add an explicit confirmation and cleanup/access-control process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (79% confidence)
Finding
Overly broad trigger phrases can cause the skill to activate on ordinary conversation and process content or URLs the user did not intend to publish. In this skill's context, activation can lead to deployment of arbitrary HTML to a long-lived public URL, so accidental triggering increases the chance of unintended data exposure rather than being a mere UX issue.

Vague Triggers

Medium (82% confidence)
Finding
The activation rules specify when to trigger but not when to avoid triggering, which can cause the skill to run in ambiguous contexts. Because the workflow deploys user-provided HTML/URLs and returns a persistent link, mistaken activation can expose sensitive drafts, internal pages, or private documents to unintended audiences.

Missing User Warnings

Medium (89% confidence)
Finding
The page accepts an arbitrary `url` query parameter and assigns it directly to the iframe `src`, allowing untrusted external or local content to be embedded without validation, restriction, or user warning. In a PDF-generation skill, this can be abused to load phishing pages, sensitive internal resources, or hostile content that manipulates what the user prints or saves, increasing SSRF-like and clickjacking-style risk depending on the runtime environment.

VirusTotal

65/65 vendors flagged this skill as clean.
