Security audit

Image Paginator (converts long screenshots of attorney evidence to PDF)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal image-to-PDF helper, but its install and runtime instructions include avoidable side effects that deserve user review before installation.

Review the installer before running it. Prefer a pinned release or checksum-verified download, and do not let the agent auto-open generated PDFs unless you explicitly want that behavior. The evidence supports review caution, not a finding of malicious behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly directs the agent to execute shell commands, install dependencies, and run a Python script, yet no permissions are declared. This mismatch weakens platform-level consent and review controls because an agent may gain shell capability implicitly rather than through explicit permission disclosure.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The guardrails instruct the agent to automatically launch the generated PDF with `open <path>`, which adds an OS-level action beyond file conversion. Auto-opening files can trigger associated applications, previews, plugins, network access, or unintended user-environment interactions without explicit consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill mandates automatic opening of the generated PDF without warning or confirmation. This bypasses a basic safety checkpoint for a non-essential side effect and may surprise users or cause execution of external handlers tied to the file type.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer unconditionally deletes the existing skill directory with `rm -rf` before verifying the new download or asking for confirmation. This can cause data loss or leave the skill broken if the download, unzip, or move step fails afterward.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
bash install.sh

# Method 2: direct download
curl -fsSL https://github.com/wux818738-alt/openclaw-skill-image-paginator/archive/refs/heads/main.zip -o /tmp/skill.zip
unzip /tmp/skill.zip -d ~/.qclaw/skills/
pip3 install fpdf2 Pillow
```
Confidence
88% confidence
Finding
The quoted install steps (a `curl` download of the GitHub archive to `/tmp/skill.zip`, `unzip` into `~/.qclaw/skills/`, and `pip3 install fpdf2 Pillow`) are followed by the instruction "run directly after installation" (安装后直接运行).

VirusTotal

53/53 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.