ClawHub

Add watermark to PDF

v1.0.0

Add a text watermark to one or multiple PDFs by uploading them to the Solutions API, polling until completion, then returning download URL(s) for the watermarked PDF(s) (or a ZIP if multiple).

0· 1.2k·3 current·3 all-time
by@crossservicesolutions

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for crossservicesolutions/add-watermark-to-pdf.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Add watermark to PDF" (crossservicesolutions/add-watermark-to-pdf) from ClawHub.
Skill page: https://clawhub.ai/crossservicesolutions/add-watermark-to-pdf
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install crossservicesolutions/add-watermark-to-pdf

ClawHub CLI

Package manager switcher

npx clawhub@latest install add-watermark-to-pdf
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md, README, and included Python script all implement the stated purpose (upload PDFs + watermark text to an external Solutions API and poll for results). However the registry metadata declares no required environment variables or primary credential even though the skill requires an API key (Bearer token). The skill also supports overriding the base URL via SOLUTIONS_BASE_URL, which is reasonable for testing but increases the attack surface if not constrained.
!
Instruction Scope
Instructions keep to the document-processing scope (accept files, upload them, poll result). They do not read unrelated system files. Concerns: (1) the SKILL.md and script recommend never echoing the API key, but the registry does not declare that credential — a mismatch; (2) the script includes 'raw' API response in its printed output and by default returns watermark_text in the result, which may leak sensitive information from either the user's watermark or fields included by the API.
Install Mechanism
No install spec is present (instruction-only install), and the included code is a simple Python script with a single dependency 'requests'. There are no remote download/install steps or exotic package sources. This is a low install-risk scenario, though the repository includes executable script files that the agent or user may run locally.
!
Credentials
The declared registry metadata lists no required env vars or primary credential, but SKILL.md and the script clearly require an API key (SOLUTIONS_API_KEY or passed via --api-key). That mismatch is noteworthy: the skill needs a sensitive credential but the manifest doesn't advertise it. Additionally SOLUTIONS_BASE_URL can be overridden, meaning the skill could be pointed at an arbitrary endpoint to receive uploaded PDFs if misconfigured or maliciously modified.
Persistence & Privilege
The skill does not request elevated persistence: always is false, it is user-invocable, and it does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags here.
What to consider before installing
This skill appears to do what it claims, but there are some mismatches and privacy risks to consider before installing or using it: - Verify the service/domain: confirm that https://api.xss-cross-service-solutions.com and https://login.cross-service-solutions.com are legitimate and trustworthy before providing an API key. - Credentials: the SKILL.md and script require a Solutions API key (Bearer token), but the skill metadata does not declare it. Treat the API key as sensitive — only provide it to services you trust, and prefer passing it at runtime rather than storing it insecurely. - Output leakage: the script includes the API 'raw' response and by default returns watermark_text in its printed JSON. If your watermark or the API response may contain sensitive data, request the skill be modified to omit 'raw' and avoid returning watermark_text. - Base URL override: SOLUTIONS_BASE_URL can be changed; do not point it to unknown hosts. If you plan to run this as an automated skill, consider locking or validating the base URL to a known good domain to prevent inadvertent exfiltration. - Inspect locally: because this package includes a runnable Python script, review and run it locally with non-sensitive test files first. Confirm behavior and outputs before granting the skill access to real documents or credentials. If you need higher assurance, ask the publisher for: a homepage/source repo, explicit manifest entries declaring required env vars (primaryEnv), and a privacy/security statement describing how uploaded PDFs are handled and retained.

Like a lobster shell, security has layers — review code before you run it.

latestvk976jedy15mhvsm9q2yhhq1byn80tb5s
1.2kdownloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@crossservicesolutions
latest
Download

add-watermark-to-pdf

Purpose

This skill adds a text watermark to one or multiple PDFs by:

  1. accepting one or multiple PDF files from the user,
  2. accepting a watermark text string,
  3. uploading them to the Solutions API,
  4. polling the job status until it is finished,
  5. returning download URL(s) for the resulting file(s). If multiple PDFs are processed, the output may include multiple PDFs and/or a ZIP for download.

Credentials

The API requires an API key used as a Bearer token:

  • Authorization: Bearer <API_KEY>

How the user gets an API key:

Rule: never echo or log the API key.

API endpoints

Base URL:

  • https://api.xss-cross-service-solutions.com/solutions/solutions

Create watermark job:

  • POST /api/61
  • multipart/form-data parameters:
    • files — required — multiple PDF files (multiple_files)
    • text — required — string (watermark text)

Get result by ID:

  • GET /api/<ID>

When done, the response contains:

  • output.files[] with { name, path } where path is a downloadable URL (PDFs and/or ZIP).

Inputs

Required

  • One or more PDF files (binary)
  • Watermark text (text, string)
  • API key (string)

Optional

  • None

Output

Return a structured result:

  • job_id (number)
  • status (string)
  • outputs (array) containing { name, path } for each output file
  • Convenience fields:
    • download_url (string) if exactly one output exists
    • download_urls (array of strings) for all outputs
  • input_files (array of strings)
  • watermark_text (string) — returned only if safe; do not return if user considers it sensitive

Example output:

{
  "job_id": 6101,
  "status": "done",
  "outputs": [
    { "name": "watermarked.pdf", "path": "https://.../watermarked.pdf" }
  ],
  "download_url": "https://.../watermarked.pdf",
  "download_urls": ["https://.../watermarked.pdf"],
  "input_files": ["input.pdf"]
}

Comments

Loading comments...