ClawHub

Pdf

Security checks across malware telemetry and agentic risk

Overview

This is a local PDF-processing skill with expected file access, but users should be careful with sensitive, password-protected, or original-copy documents.

Install only if you are comfortable with a local PDF tool reading the documents you provide and creating derived files. Use copies for important documents, avoid in-place repair commands on your only copy, and only decrypt or remove protection from PDFs you are authorized to access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill demonstrates file read/write capabilities throughout its examples, but the metadata does not declare any permissions or constraints. In an agent environment, this can cause the skill to be invoked with broader filesystem access than users or reviewers expect, increasing the risk of unintended access to local documents or overwriting files.

Vague Triggers

High
Confidence
87% confidence
Finding
The activation rule says to use this skill whenever the user wants to do anything with PDF files or even merely mentions a .pdf file, which is overly broad. Over-triggering a file-capable skill increases the chance that sensitive PDFs are opened, transformed, or written unnecessarily, and can crowd out safer, narrower workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide includes direct instructions for decrypting or removing PDF passwords without any warning about authorization, ownership, or handling of protected content. In a general-purpose agent skill, that normalizes bypass-oriented behavior and can facilitate unauthorized access to confidential documents when users present protected PDFs.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal