ClawHub

Pdf Poppler Utils

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate Poppler PDF helper, but it needs Review because it strongly steers users toward a system-changing curl unlink step outside normal PDF work.

Install only if you need local Poppler PDF command-line tools. Do not run `brew unlink curl -v` unless you understand the impact on Homebrew curl and related tools. Use password, hidden-text, DRM override, attachment extraction, and signing options only on documents you are authorized to process, and avoid putting real passwords directly in commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill recommends `brew unlink curl -v`, which changes a system-wide networking dependency unrelated to core PDF operations and can disrupt other software that relies on the Homebrew-managed `curl`. Even though it asks for human permission, the guidance normalizes an unnecessary environment modification and could lead an agent or user to break certificate handling or alter system behavior outside the skill's scope.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file frames `pdfsig` as a verification tool, but it also documents capabilities that can write to disk (`-dump`) and modify documents by adding signatures (`-add-signature`, `-sign`). This mismatch can mislead an agent or user into invoking state-changing operations under a read-only trust assumption, increasing the risk of unintended file modification or data exposure.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation claims a verification-only purpose while listing options that add signatures and otherwise perform write operations. In an agent setting, inaccurate capability scoping is dangerous because policy or workflow decisions may rely on the documented purpose and mistakenly permit a tool that can alter artifacts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages extraction of text, metadata, images, and attachments from PDFs without warning that untrusted PDFs may contain sensitive embedded content or hidden attachments. In an agent setting, this increases the risk of inadvertently exposing secrets, personal data, or confidential documents by automatically processing and surfacing extracted content from untrusted files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to extract embedded files from PDFs but does not warn that extraction writes attacker-controlled content to disk and that attachments may be malicious, sensitive, or unexpectedly executable. In an agent context, this increases the chance of unsafe automated handling of untrusted PDF attachments, including persistence of malware or leakage of confidential embedded content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill omits warnings for options that can write signature material to the current directory or modify PDFs by adding signatures. Without explicit cautions, an agent may use these options in contexts expecting non-destructive analysis, causing unintended artifact creation, document changes, or leakage of extracted signature data to disk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly advertises `-nodrm` to override document DRM settings and `-hidden` to extract hidden text without any warning about authorization, privacy, or legal/rights implications. In a tool skill intended to guide agent use, this can normalize or enable extraction of protected or intentionally concealed content from PDFs, increasing the chance of misuse against sensitive documents.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document explicitly lists `-opw password` and `-upw password` command-line options without warning that supplying secrets directly on the command line can expose them via shell history, process listings, audit logs, or agent telemetry. In an agent skill context, users may copy these examples or construct commands from the docs, increasing the chance of credential leakage during PDF processing.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal