This PDF-to-Word skill is vulnerable to prompt
Claims to do
PDF ת Word ����: �����û��ϴ��� PDF �ļ�������ת��Ϊ�ɱ༭�� Word �ĵ���.docx����������ת�������ļ���
Actually does
This skill takes a PDF file as input, likely processes it using a Python backend with the `pdf2docx` library to convert it into a `.docx` Word document, and then returns the converted file to the user. It does not specify contacting external URLs or executing shell commands beyond the Python script itself.
openclaw skills install zhao1263445468/pdf-to-wordDeBERTa classifier detected prompt injection (confidence: 1.00)
The skill's name, description, and parameter descriptions contain garbled characters. While likely an encoding issue, this could potentially obscure malicious intent or make the skill's true purpose less clear.
description: PDF ļתΪ Word ĵ.docx (line 4)
The skill's 'file' parameter explicitly allows providing a file path, which is then processed by a backend script. This enables arbitrary file reads (reconnaissance, data exfiltration) and, if the path is not sanitized, could lead to command injection by passing malicious commands to the backend script.
parameters: - name: file description: Ҫת PDF ļ֧ϴṩļ· required: true type: file (lines 8-12) and 2. Զų́űת (line 27)
The converted Word file is returned as a download link or directly sent to the user. Without clear mechanisms for secure temporary storage and access control, this could potentially be abused for data exfiltration or to expose temporary files.
3. תɺ Word ļӻֱļʽû (line 28)
[](https://mondoo.com/ai-agent-security/skills/clawhub/zhao1263445468/pdf-to-word)<a href="https://mondoo.com/ai-agent-security/skills/clawhub/zhao1263445468/pdf-to-word"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/zhao1263445468/pdf-to-word.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/clawhub/zhao1263445468/pdf-to-word.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.