IR PDF Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-directed tool for finding and downloading public IR PDF documents, with no hidden persistence, credential access, or destructive behavior found.

Install this only if you want an agent to contact public web sources and save downloaded PDFs in the workspace. Use explicit trusted IR, SEC, or Wayback targets, and double-check issuer matches and downloaded PDFs before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The downloader accepts arbitrary user-supplied URLs and fetches them directly without enforcing the skill's stated IR-only scope or validating that the target is actually a PDF before downloading. In an agent context, this broadens the capability into a general network fetch primitive that can be abused for unintended access to internal services, arbitrary hosts, or non-IR content, because validation occurs only after the request and data transfer have already happened.

Description-Behavior Mismatch

Severity: Medium
Confidence: 84%
Finding
The Wayback search feature enumerates PDF URLs for any supplied domain rather than limiting discovery to investor-relations sites or expected IR paths. That makes the skill a broader archival discovery tool than advertised, increasing the chance it is used to collect unrelated documents or bypass intended scope controls in a larger agent system.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The alias "li" is excessively broad for issuer identification because it is a common short token that can appear in unrelated text, names, URLs, or file titles. In a skill that discovers and downloads IR PDFs, this can cause incorrect issuer resolution and lead the agent to fetch documents from the wrong company, creating data integrity and workflow trust issues.

VirusTotal

64/64 vendors flagged this skill as clean.