ClawHub

PDF Watermark Remover

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF editing skill whose destructive watermark-removal behavior is mostly disclosed, but users should handle link removal and broad thresholds carefully.

Install only if you need local PDF watermark removal and have permission to modify the document. Work on copies, review the output page by page, keep position and size thresholds narrow, and do not use --remove-links unless you also provide a specific --link-domain for the watermark provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The documented behavior includes optional link-annotation removal even though the skill is presented primarily as a watermark remover. That expands the destructive scope from visual cleanup into document-structure modification, which can remove user-important hyperlinks and change document meaning in ways a user may not expect from the skill description.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
When no domain is provided, the code deletes every link annotation with a URI on the page, not just links associated with watermarks. In the context of a PDF-cleanup skill, this can silently destroy legitimate citations, navigation, purchase links, consent links, or compliance references, causing integrity loss well beyond the user's likely intent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are very broad and can match many benign requests to remove watermarks without clarifying that this skill rewrites PDF content streams and may remove matching images. In an agent setting, ambiguous activation increases the chance the skill is invoked on the wrong documents or for the wrong watermark type, causing unintended destructive edits.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The 'When to Use' section gives activation guidance that is still too open-ended and lacks exclusions, making accidental or overbroad invocation more likely. Because the skill removes drawing instructions by heuristic position and size, misuse could delete legitimate page elements that resemble a watermark.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill does not prominently warn that it rewrites PDF content streams and resource dictionaries, which is a destructive modification that can remove non-watermark images if thresholds are too broad. Without an upfront warning, users or calling agents may assume a safe cosmetic change and underestimate the risk of irreversible content loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script performs destructive in-place content rewriting of PDF objects and can optionally delete annotations, but it provides no explicit warning or confirmation about irreversible semantic changes to the document. Users may assume this is a cosmetic cleanup operation and unknowingly lose functional content such as links or embedded drawing instructions.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal