ClawHub
Back to skill

Security audit

PDF Extract MD + Figures

Security checks across malware telemetry and agentic risk

Overview

This skill transparently converts a user-provided PDF into Markdown and extracted figure files, with no evidence of hidden data access, exfiltration, deletion, or persistence beyond normal dependency installation and output files.

Install this only if you want PDFs you provide to be locally converted into Markdown and saved figure images. Because it may install Python packages and create output folders, use a project or virtual environment for sensitive work and confirm the PDF/output paths before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to read a user-supplied PDF and write multiple artifacts to disk, but it declares no explicit permissions or constraints. That mismatch weakens policy enforcement and user visibility, making it easier for file access to occur implicitly or more broadly than intended.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger language is extremely broad, effectively directing automatic activation for almost any uploaded PDF, even vague prompts like 'test' or 'analyze this PDF.' Over-broad auto-invocation increases the chance the agent will run file-processing and package-install commands without clear user intent, expanding attack surface and enabling unintended handling of sensitive documents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.