Byted Las Pdf Parse Doubao

Security checks across malware telemetry and agentic risk

Overview

This PDF parsing skill does what it claims, but it automatically installs remote executable SDK code and can run unbounded polling, so it needs user review before installation.

Install only if you trust the Volcengine LAS service and the hosted SDK source, and if you are comfortable sending the target PDFs and extracted content to that provider. Prefer a revised version that pins or bundles the SDK, asks before downloading or installing code, documents privacy handling for sensitive PDFs, and adds a timeout or stop control for background polling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to execute shell commands (`source`, `lasutil`, `jq`, file writes/uploads) but does not declare any permissions or capability boundaries. Undeclared shell access is dangerous because users and reviewers may not realize the skill can access local files, environment variables, and networked resources, increasing the chance of unintended command execution or data exposure.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The init script fetches a remote manifest and conditionally installs a wheel from a network URL during environment setup. This creates a supply-chain and integrity risk because code execution is delegated to remote content outside the skill package, and the behavior is not necessary for a PDF parsing skill's core function at runtime.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The API documentation instructs users to submit remote URLs and authenticate with an API key, but it does not warn that PDFs may contain sensitive data and that providing a public URL or third-party service access can expose confidential content. In this skill's context, the operator uploads or fetches documents for OCR/parsing, so missing privacy guidance increases the risk of accidental disclosure of internal or personal documents.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script silently performs network access and installs executable Python code from a remote URL without an interactive warning or prior approval. If the remote host, manifest flow, or package artifact is compromised, invoking the script can lead to arbitrary code execution in the user's environment.

VirusTotal

67/67 vendors flagged this skill as clean.
