AI PDF Converter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PDF conversion skill, but users should know PDFs may be processed by MinerU and converted files will be written locally.

Install only if you trust the mineru-open-api package and MinerU's handling of uploaded documents. Avoid using it on confidential, regulated, legal, or financial PDFs unless you are allowed to send them to an external service, and choose explicit input files and output folders when converting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill instructs users to upload or process PDFs through the MinerU API but does not clearly warn that document contents may be transmitted to a third-party service. Because the skill is explicitly marketed for sensitive document types such as legal contracts, financial reports, and multilingual scanned documents, users may unknowingly expose confidential or regulated data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal