ClawHub

Change permissions of PDF

v1.0.0

Change a PDF’s permission flags (edit, print, copy, forms, annotations, etc.) by uploading it to the Solutions API, polling until completion, then returning a download URL for the updated PDF.

0· 1.1k·0 current·0 all-time
by@crossservicesolutions

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for crossservicesolutions/change-pdf-permissions.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Change permissions of PDF" (crossservicesolutions/change-pdf-permissions) from ClawHub.
Skill page: https://clawhub.ai/crossservicesolutions/change-pdf-permissions
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install crossservicesolutions/change-pdf-permissions

ClawHub CLI

Package manager switcher

npx clawhub@latest install change-pdf-permissions
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, SKILL.md, README, and the Python script all consistently implement changing PDF permission flags by uploading the file to the Solutions API, polling, and returning a download URL. The required request parameters, endpoints, and outputs align with the stated purpose.
!
Instruction Scope
The skill requires uploading user PDF files to an external service (api.xss-cross-service-solutions.com). SKILL.md and the script both rely on that network interaction and will transmit entire PDF contents off‑host. There is no explicit privacy notice or warning to users about uploading potentially sensitive documents. The runtime instructions do not instruct the agent to access unrelated local files or credentials, but they do require an API key which must be provided; the registry metadata did not declare this.
Install Mechanism
No install spec is provided (instruction-only / script-only), so nothing is automatically downloaded or extracted by the skill registry. The included Python script depends on the well-known 'requests' package (requirements.txt). This is low risk from an install perspective.
!
Credentials
The SKILL.md and script require an API key (passed via --api-key or SOLUTIONS_API_KEY), but the registry metadata lists no required environment variables or primary credential. That mismatch is notable: the skill cannot function without an external API key, yet the registry didn't declare it. Also the skill will send arbitrary user PDFs to a third‑party service, so requiring/handling that secret and user files is a significant privilege and privacy consideration.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It does not modify other skills or system configuration. The default autonomous invocation model applies (not flagged by itself).
What to consider before installing
This skill appears to be internally consistent — it uploads a PDF to an external Solutions API and returns a download URL — but exercise caution before installing or using it: - Do not upload sensitive or confidential PDFs unless you trust the service and its privacy policy. The skill transmits full document contents to api.xss-cross-service-solutions.com. - The registry metadata did not declare the required API credential (the script expects an API key via --api-key or SOLUTIONS_API_KEY). Confirm where you should obtain the key and that the provider is legitimate before supplying credentials. - Verify the provider domain (login.cross-service-solutions.com / api.xss-cross-service-solutions.com). The owner and homepage are unknown in the registry; look up the service, its privacy/security documentation, and whether it’s reputable. - Test on non-sensitive sample PDFs first and inspect returned URLs to ensure they point to the expected provider and use HTTPS. - If you need to avoid third‑party uploads, consider running a local tool that modifies PDF permissions or use an alternative trusted provider. If you want a firmer verdict, provide evidence that the service domain is trusted (official homepage, privacy policy, or company info) or confirm how API keys are issued; lacking that, treat this skill as potentially risky for sensitive documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97483bnckcsz1tf9kp859rcbx80v2da
1.1kdownloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@crossservicesolutions
latest
Download

change-pdf-permissions

Purpose

This skill changes the permission flags of a PDF (e.g., whether it can be printed, edited, or copied) by:

  1. accepting a PDF file from the user,
  2. accepting desired permission settings (true/false),
  3. uploading them to the Solutions API,
  4. polling the job status until it is finished,
  5. returning the download URL for the updated PDF.

Credentials

The API requires an API key used as a Bearer token:

  • Authorization: Bearer <API_KEY>

How the user gets an API key:

Rule: never echo or log the API key.

API endpoints

Base URL:

  • https://api.xss-cross-service-solutions.com/solutions/solutions

Create permission-change job:

  • POST /api/75
  • multipart/form-data parameters:
    • file — required — PDF file
    • canModify — required — "true" or "false"
    • canModifyAnnotations — required — "true" or "false"
    • canPrint — required — "true" or "false"
    • canPrintHighQuality — required — "true" or "false"
    • canAssembleDocument — required — "true" or "false"
    • canFillInForm — required — "true" or "false"
    • canExtractContent — required — "true" or "false"
    • canExtractForAccessibility — required — "true" or "false"

Get result by ID:

  • GET /api/<ID>

When done, the response contains:

  • output.files[] with { name, path } where path is a downloadable URL.

Inputs

Required

  • PDF file (binary)
  • Permission flags (boolean-like), all required by API:
    • canModify
    • canModifyAnnotations
    • canPrint
    • canPrintHighQuality
    • canAssembleDocument
    • canFillInForm
    • canExtractContent
    • canExtractForAccessibility
  • API key (string)

Optional

  • None

Defaults (recommended)

If the user does not specify permissions, use a conservative default that disallows modification and extraction, but allows printing:

  • canModify: false
  • canModifyAnnotations: false
  • canPrint: true
  • canPrintHighQuality: true
  • canAssembleDocument: false
  • canFillInForm: true (reasonable default if forms exist)
  • canExtractContent: false
  • canExtractForAccessibility: true (often desirable for accessibility)

These defaults can be adjusted per product policy.

Output

Return a structured result:

  • job_id (number)
  • status (string)
  • download_url (string, when done)
  • file_name (string, when available)
  • permissions (object) reflecting the final values sent

Example output:

{
  "job_id": 7501,
  "status": "done",
  "download_url": "https://.../permissions.pdf",
  "file_name": "permissions.pdf",
  "permissions": {
    "canModify": false,
    "canModifyAnnotations": false,
    "canPrint": true,
    "canPrintHighQuality": true,
    "canAssembleDocument": false,
    "canFillInForm": true,
    "canExtractContent": false,
    "canExtractForAccessibility": true
  }
}

Comments

Loading comments...