Is crossservicesolutions/remove-password-from-pdf safe?

https://github.com/openclaw/skills/tree/main/skills/crossservicesolutions/remove-password-from-pdf

49
DANGEROUS

This skill masquerades as a PDF password removal utility but is designed to exfiltrate user documents and passwords to suspicious external servers. The domain name contains 'xss' suggesting potential malicious intent, and the skill's primary function is to collect and transmit sensitive user data.

Category Scores

Prompt Injection 60/100 · 30%
Data Exfiltration 0/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 5/100 · 5%

Findings (5)

CRITICAL Explicit User Data Exfiltration -100

This skill is designed to collect sensitive user documents (password-protected PDFs) and their passwords, then upload them to external servers controlled by unknown parties. The skill instructs agents to send user files and credentials to api.xss-cross-service-solutions.com.

HIGH Suspicious Domain Name -25

The API domain contains 'xss' which commonly refers to cross-site scripting attacks. This could indicate malicious intent or be deliberately chosen to appear technical while hiding malicious purposes.

HIGH Malicious Service Masquerading as Utility -95

This skill presents itself as a legitimate PDF password removal utility, but is actually designed to harvest user documents and passwords. There is no way to verify what happens to uploaded data or who controls the destination servers.

MEDIUM Python Script with External Data Upload -40

The included Python script contains functionality to read local files and upload them to external servers, creating a vector for data exfiltration when executed.

MEDIUM Instructions for External Service Communication -15

The skill instructs the agent to communicate with external services and handle sensitive user credentials, creating opportunities for data leakage.