ClawHub

a2f

Security checks across malware telemetry and agentic risk

Overview

This skill’s PDF-to-image workflow is coherent, but it sends local PDFs and locally sourced authentication headers to an external API with weak disclosure and broad triggers.

Review before installing. Use only PDFs you are allowed to send to wuji.cyphy.com, avoid sensitive or regulated documents unless you have approval, and inspect what get_headers() supplies in your environment before running the example scripts.

Publisher note

a2f 1.0.0 - Initial release of WUJI archive to Figurea (a2f) 1. Upload a PDF with character descriptions to extract features like appearance, clothing, personality. 2. Use the extracted features to create character portraits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README documents a workflow that uploads PDFs to an external API but does not warn users that document contents may leave the local environment and be processed remotely. For a skill handling archive PDFs that may contain sensitive personal, historical, or proprietary material, this omission can cause unintentional data disclosure and unsafe use in privacy-sensitive contexts.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill's core workflow uploads user-provided PDF files to an external service for feature extraction, yet the documentation does not clearly warn users that document contents leave the local environment. Because PDFs may contain sensitive personal, proprietary, or regulated information, this omission creates a significant privacy and data-handling risk.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Several triggers such as "a2f," "character generation," and "extract character features" are broad enough to match unrelated requests, which can cause accidental invocation of a skill that uploads files and sends prompts to an external API. In this context, overbroad triggering is more dangerous because unintended activation could lead to unexpected remote processing of user data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example uploads a local PDF to a remote third-party API and uses authentication headers, but it provides no user-facing notice, consent step, or guidance about what data leaves the machine. In a skill that processes archives into generated figures, users may reasonably run the sample with real or sensitive source documents, creating an inadvertent data disclosure risk rather than an implementation exploit.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script silently retrieves credentials via get_headers() and uses them for outbound API calls without disclosing that authentication material will be accessed. This can surprise users running a 'quick start' example, especially in shared or automated environments where existing API credentials may be picked up unintentionally and used against a live external service.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal