Book Walker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local PDF reading skill. It also lists PDFs in the workspace, caches extracted PDF text locally, and optionally hands template-processed text blocks to the agent; users should understand those privacy-relevant behaviors before installing.

Install only if you are comfortable with the skill listing PDF filenames across your workspace and caching extracted PDF text locally. Avoid using non-default templates on confidential PDFs unless you are comfortable with the agent or model processing those PDF text blocks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The skill's documentation says it does not call an LLM, yet it also instructs the agent to parse the emitted payload and send document text plus a template prompt to an LLM. That contradiction obscures the real data flow: sensitive PDF content can reach a model without the user clearly understanding it and without any policy gate on which documents may be sent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill derives a workspace root and recursively enumerates every PDF under it, not just the files the user explicitly selected. In an agent setting this widens the skill's view into unrelated documents and can expose sensitive filenames and document locations well beyond the minimum needed for interactive PDF reading.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The function recursively scans all PDFs in the workspace and returns them for indexing without any explicit warning, consent flow, or narrowing to the active task. Even if it only lists PDFs, filenames and paths can reveal confidential project names, clients, or document subjects, which is a meaningful privacy leak in a broad agent workspace.
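The two findings above both concern scope: enumerating the whole workspace root versus only what the user asked for. The following is an added illustration, not code from the Book Walker skill or from SkillSpector. It contrasts the over-broad pattern (walk every PDF under the root) with a narrowed one that accepts explicit selections, resolves each one and rejects anything that escapes the workspace, and expands directory selections only to a caller-chosen depth. The function names, the workspace layout built by `build_demo_workspace()` and the `max_depth` parameter are assumptions for the example.

```python
"""Workspace-scoped PDF listing: the over-broad pattern beside a narrowed one.

Added example, not the skill's own code. Function names, the selection API and
the demo workspace layout are assumptions made for illustration.
"""
from __future__ import annotations

import tempfile
from pathlib import Path


def list_all_pdfs(workspace_root: str) -> list[str]:
    """The pattern the findings describe: every PDF under the derived root,
    regardless of which document the user is actually reading. Paths of
    unrelated documents (client names, project codenames) land in the index."""
    root = Path(workspace_root).resolve()
    return sorted(str(p.relative_to(root)) for p in root.rglob("*.pdf"))


def list_selected_pdfs(workspace_root: str, selections: list[str],
                       max_depth: int = 0) -> list[str]:
    """Narrowed alternative: only what the user explicitly named.

    A selection may be a PDF file or a directory. Directories are expanded only
    to `max_depth` levels below them (0 = direct children only). Every candidate
    is resolved and must remain under the workspace root, so a selection such as
    "../" or a symlink pointing outside the workspace cannot widen the scope.
    """
    root = Path(workspace_root).resolve()
    found: set[str] = set()
    for sel in selections:
        candidate = (root / sel).resolve()
        try:
            candidate.relative_to(root)
        except ValueError:
            continue  # escapes the workspace: drop it rather than widen scope
        if candidate.is_file() and candidate.suffix.lower() == ".pdf":
            found.add(str(candidate.relative_to(root)))
        elif candidate.is_dir():
            for pdf in candidate.rglob("*.pdf"):
                real = pdf.resolve()
                try:
                    real.relative_to(root)
                except ValueError:
                    continue  # symlinked PDF outside the workspace
                depth = len(pdf.relative_to(candidate).parts) - 1
                if depth <= max_depth:
                    found.add(str(real.relative_to(root)))
    return sorted(found)


def build_demo_workspace() -> str:
    """Constructed sample workspace (not real data): a reading folder with a
    nested PDF, an unrelated confidential-looking client document, and a
    non-PDF file. Returns the workspace root path."""
    root = Path(tempfile.mkdtemp(prefix="bookwalker-demo-"))
    (root / "reading" / "notes").mkdir(parents=True)
    (root / "clients").mkdir()
    for rel in ("reading/paper.pdf", "reading/notes/old.pdf",
                "clients/acme-contract.pdf"):
        (root / rel).write_bytes(b"%PDF-1.4\n%stub\n")
    (root / "notes.txt").write_text("not a pdf\n")
    return str(root)


if __name__ == "__main__":
    ws = build_demo_workspace()
    print("all PDFs under root:   ", list_all_pdfs(ws))
    print("user selected one file:", list_selected_pdfs(ws, ["reading/paper.pdf"]))
    print("selected a folder, d=0:", list_selected_pdfs(ws, ["reading"]))
    print("selected a folder, d=1:", list_selected_pdfs(ws, ["reading"], max_depth=1))
    print("attempted escape:      ", list_selected_pdfs(ws, ["../"]))
```

Run it as a script to see the difference: the root walk surfaces `clients/acme-contract.pdf` even though the user only asked about `reading/paper.pdf`, while the narrowed listing returns exactly the selection and silently discards the `../` escape. The same containment check is what you would want before caching extracted text, so that cache paths cannot be steered outside the workspace either.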

VirusTotal

66/66 vendors flagged this skill as clean.
