ClawHub

PDF.co

v1.0.1

PDF.co API integration with managed OAuth. Convert, merge, split, edit PDFs and extract data. Use this skill when users want to convert PDFs to/from other fo...

2· 1.5k·1 current·2 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description (PDF.co) aligns with the provided API endpoints, but all traffic and authentication are routed through Maton-managed endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) rather than direct api.pdf.co calls. This is coherent if the maintainer intentionally provides a managed gateway, but users should be aware they are granting Maton access to perform PDF.co operations on their behalf.
Instruction Scope
SKILL.md only instructs HTTP calls to Maton endpoints and to read the single environment variable MATON_API_KEY. It does not instruct reading unrelated files, extra environment variables, or exfiltrating data to unexpected domains. The only notable behavior is the explicit proxying through Maton controllers/gateway instead of direct pdf.co endpoints.
Install Mechanism
No install spec or code files are provided (instruction-only), so nothing is written to disk or downloaded during install — this minimizes install-time risk.
Credentials
The skill requests a single environment variable (MATON_API_KEY), which matches the documented authentication method in the SKILL.md. There are no unrelated or excessive credential requests.
Persistence & Privilege
always:false and no config paths requested. The skill can be invoked by the agent (default behavior), which is expected for an API integration. There is no indication it modifies other skills or system settings.
Assessment
This skill is instruction-only and coherent with its description, but note two things before installing: (1) All requests and your MATON_API_KEY will be sent to Maton-managed endpoints (gateway.maton.ai / ctrl.maton.ai / connect.maton.ai) which proxy to PDF.co — only install if you trust Maton to handle your files and credentials. (2) The MATON_API_KEY is sensitive: use a least-privilege or revocable key, monitor usage, and be prepared to revoke it if you notice unexpected activity. Because the skill can be invoked by the agent, consider whether you want autonomous calls to be allowed for operations that upload or manipulate documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ej4wr43dp6eqhkr24termqn81ess0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
EnvMATON_API_KEY

Comments