WPS PDF Processing

Security checks across malware telemetry and agentic risk

Overview

This PDF skill is mostly a normal PDF helper, but its OCR conversion can upload full PDFs to WPS using an environment session token without clearly warning the user.

Review before installing. Use this skill only if you are comfortable with PDF-to-Markdown/OCR conversion sending document contents to WPS cloud services and with the agent using WPS session values from your environment. Avoid confidential, regulated, or third-party PDFs unless you explicitly approve that upload and choose safe output locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill demonstrates capabilities to read files, write files, access environment variables, and likely invoke network-dependent OCR tooling, but it does not declare permissions or boundaries for those actions. This increases the chance of over-privileged execution, unintended data access, and review blind spots because operators cannot easily see what resources the skill may touch.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script sends the full local PDF to a remote WPS API and then retrieves image content from URLs embedded in the returned markdown. That creates a real data-exfiltration boundary and expands the trust surface beyond local PDF processing, especially because the skill description does not clearly disclose that user documents are uploaded to an external service.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The code automatically consumes ambient authentication tokens from environment variables and uses them to access a remote service without requiring the caller to pass credentials explicitly. In an agent environment, this can let a seemingly simple PDF utility silently act with the operator's existing session and access scope, increasing the risk of unauthorized remote actions or unintended data exposure.

Vague Triggers

High
Confidence: 92%
Finding
The trigger condition is extremely broad: it says to use this skill whenever the user mentions a PDF file or wants to generate PDF output. That can cause accidental invocation in unrelated or sensitive contexts, increasing the chance that the agent performs file operations on PDFs without sufficient confirmation or routes tasks into this skill when a safer, narrower tool would be more appropriate.

VirusTotal

67/67 vendors flagged this skill as clean.
