Markdown to PDF Converter (v2.0)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: convert Markdown files to PDFs, with a disclosed first-run emoji download and local cache but no hidden or abusive behavior found.

Install only if you are comfortable with a shell-based converter that downloads about 150MB of Twemoji assets from GitHub on first run and stores them under ~/.cache/md2pdf. In stricter environments, pre-verify or vendor the Twemoji archive, fix the hardcoded helper script path, and use care with the documented cache cleanup command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises shell execution, file reads, and file writes through undocumented operational steps but declares no permissions or safety boundaries. This creates a transparency and governance gap: an agent may invoke filesystem and shell-capable behavior without users or policy layers being clearly informed.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The skill is presented as an offline Markdown-to-PDF converter, but it performs a runtime download from GitHub when the cache is absent. This creates an undeclared network dependency and remote supply-chain exposure, which is especially relevant for a document-conversion tool expected to operate on local files only.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
A document conversion script normally should not need network access during execution, yet this script downloads an archive from a remote source. That broadens the attack surface through remote content retrieval and makes behavior inconsistent with the stated purpose and user expectations.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation language is broad enough to match many ordinary document-conversion requests, increasing the chance the skill is selected in contexts where its shelling out, downloading resources, and writing files may be unnecessary or inappropriate. Over-broad routing is risky because it can expose users to more privileged behavior than the task actually requires.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The documentation includes cache-deletion commands without an explicit warning that local cached assets will be removed and may need to be re-downloaded. While the target path is relatively narrow, users may still execute destructive commands casually, causing data loss or unnecessary network activity.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: md2pdf-converter
description: Offline Markdown to PDF converter with FULL Unicode support using Pandoc + WeasyPrint + local Twemoji cache (3660 colorful emojis). Converts Markdown documents to professional PDFs with Chinese fonts and colorful emojis (complete version with all variants). Use when user needs to convert Markdown reports or documents to PDF, generate PDFs with emoji support, create PDFs with proper Chinese character rendering, or work offline after initial setup.
---

# Markdown to PDF Converter (Complete Version)
Confidence
84% confidence
Finding
create PDFs with proper Chinese character rendering, or work offline after initial setup. --- # Markdown to PDF Converter (Complete Version) ## Overview Convert Markdown documents to professional P

Tool Parameter Abuse

High
Category
Tool Misuse
Content
1. Check if emoji cache exists: `ls ~/.cache/md2pdf/emojis/`
2. Check if mapping exists: `ls ~/.cache/md2pdf/emoji_mapping.json`
3. If missing, delete cache and re-run: `rm -rf ~/.cache/md2pdf`
4. Verify emoji file exists: `ls ~/.cache/md2pdf/emojis/1f600.png`

### Emoji Displaying as Black-and-White
Confidence
88% confidence
Finding
rm -rf ~/.cache/md2pdf` 4. Verify emoji file exists: `ls ~/.cache/md2pdf/emojis/1f600.png` ### Emoji Displaying as Black-and-White This issue has been **FIXED** in v2.0. If you still see black-and-w

Tool Parameter Abuse

High
Category
Tool Misuse
Content
1. Check if emoji cache exists: `ls ~/.cache/md2pdf/emojis/`
2. Check if mapping exists: `ls ~/.cache/md2pdf/emoji_mapping.json`
3. If missing, delete cache and re-run: `rm -rf ~/.cache/md2pdf`
4. Verify emoji file exists: `ls ~/.cache/md2pdf/emojis/1f600.png`

### Emoji Displaying as Black-and-White
Confidence
88% confidence
Finding
rm -rf ~/.cache/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
2. Clear cache and regenerate:
   ```bash
   rm -rf ~/.cache/md2pdf
   bash scripts/md2pdf-local.sh test.md test.pdf
   ```
Confidence
88% confidence
Finding
rm -rf ~/.cache/

VirusTotal

66/66 vendors flagged this skill as clean.
