Security audit

OpenDataLoader PDF

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent PDF-processing skill, but users should understand that using a remote backend may send document contents off the local machine.

Install only if you are comfortable with the PDF workflow and, if using the remote hybrid backend, configure it to a server you trust. Avoid sending confidential PDFs to an unknown backend, and prefer a local backend for sensitive documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The CLI reference documents use of a remote hybrid backend via an environment variable URL without warning users that PDF contents may be transmitted off-host for processing. Because PDFs often contain sensitive business, legal, or personal data, this omission can cause users to unknowingly send confidential content to a remote service, creating privacy, compliance, and data-handling risks.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal