Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ai Pdf Builder
v1.2.3
AI-powered PDF generator for legal docs, pitch decks, and reports. SAFEs, NDAs, term sheets, whitepapers. npx ai-pdf-builder. Works with Claude, Cursor, GPT, Copilot.
⭐ 1 · 5.5k · 27 current · 29 all-time
by Next Frontier AI (@nextfrontierbuilds)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to generate PDFs locally (via Pandoc/LaTeX) and via AI. Local-generation requirements (Pandoc, TeX) are appropriate. However, the SKILL.md also instructs users to run 'npx ai-pdf-builder' which will fetch and execute package code from npm at runtime — a capability not obvious from an instruction-only skill manifest and not declared in the metadata. README and SKILL.md reference npm and GitHub URLs but the source is listed as 'unknown' and the manifest version (1.2.3) vs README (0.4.0) conflicts, reducing trust in provenance.
Instruction Scope
Runtime instructions tell the agent to read content from the user's message or files and either convert locally or call cloud APIs. The SKILL.md explicitly instructs checking for Pandoc and reading/using user-supplied files (expected), but also describes a cloud API option and instructs setting an ANTHROPIC_API_KEY. The skill does not declare that environment variable in its metadata. The cloud path implies documents could be transmitted off-device (possible data exfiltration) to ai-pdf-builder.com or third-party AI services — the instructions do not limit or clearly document this behavior.
Install Mechanism
There is no declared install spec, but the instructions encourage usage via 'npx ai-pdf-builder', which will download and run remote npm package code at time of use. That effectively functions as an install/execute step and can run arbitrary code. Because no package checksum, publisher verification, or pinned source is provided and the skill registry shows 'Source: unknown', this is higher risk than a purely local-instruction skill.
Credentials
The SKILL.md asks users to export ANTHROPIC_API_KEY for AI features and mentions other models (Claude, GPT, Cursor, Copilot) but the skill metadata declares no required environment variables or primary credential. Requesting an API key in instructions without declaring it is inconsistent. Also the 'Get API key at ai-pdf-builder.com' guidance points to an external site (not clearly verified) which could be used to collect keys — this is disproportionate and should be explicitly declared and justified.
Persistence & Privilege
The skill does not request persistent presence (always:false) and is user-invocable. There is no install spec that writes files or modifies other skills/configs in the provided metadata. That limits privilege scope compared to an always-enabled skill.
What to consider before installing
This skill could do what it says, but there are notable red flags you should address before using it:
- Provenance: the skill lists no trusted source and the README/metadata versions differ. Verify the package repository and author (inspect the npm package and the GitHub repo) before running npx.
- Remote code execution: 'npx ai-pdf-builder' will download and execute code from npm. Only run that if you trust the package owner and have reviewed the package contents (or run it in a sandbox).
- Undeclared credentials: SKILL.md asks you to set ANTHROPIC_API_KEY and references other AI providers but the skill metadata doesn't declare these. Treat API keys as sensitive — don't paste them into untrusted sites. Prefer local generation (Pandoc + LaTeX) if you need to handle confidential documents.
- Cloud API / data exfiltration: the instructions reference ai-pdf-builder.com as a place to get an API key and offer a cloud API path. Confirm the API's privacy policy and where your documents will be processed before uploading sensitive legal material.
- Minimum actions: if you want to try it, 1) inspect the npm package source (or install in an isolated container), 2) prefer local Pandoc flow for private docs, and 3) avoid providing keys or confidential files to the cloud endpoint until you confirm legitimacy.
If you can provide the npm package name, GitHub repository link, or the ai-pdf-builder.com domain details, I can re-evaluate with higher confidence.
Like a lobster shell, security has layers — review code before you run it.
