Security audit

Paper Summarize Pdf To Feishu

Security checks across malware telemetry and agentic risk

Overview

This skill’s PDF-to-Feishu workflow is coherent and disclosed, but it should only be used when you are comfortable uploading PDF-derived content and figures to Feishu.

Install only if you intend PDF summaries and selected figures to be written to Feishu. Avoid using it on confidential or unpublished PDFs unless Feishu storage and sub-agent processing are acceptable, approve any system package installation yourself, confirm the target document, and delete local paper folders/logs/token files when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The skill reads `~/.openclaw/openclaw.json` to inspect user-specific local configuration in the home directory, which goes beyond the core need of summarizing a PDF and writing to Feishu. Even if used only for model discovery, it expands the skill's access to potentially sensitive local state and creates an unnecessary data-access surface.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The skill instructs execution of `sudo apt-get install` commands, which perform privileged system-wide package installation unrelated to the immediate handling of a single PDF. This creates a clear privilege-escalation and system-modification risk: a document-processing skill should not require root-level changes at runtime.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases are broad enough to match ordinary PDF/help requests such as '总结这个 PDF' or '论文总结', increasing the chance the skill activates in contexts where the user did not intend Feishu upload or multi-step processing. In this skill, overbroad activation is more dangerous because the workflow includes external document creation, image extraction, and content transmission.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends extracted paper text and images to Feishu but does not clearly disclose, up front, that document contents will be transmitted to an external service. This undermines informed consent and can expose confidential or unpublished paper content, especially in enterprise or research settings.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.