Skill v1.0.0

ClawScan security

CamScanner-Pdf2Markdown · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 6:09 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, required tools (curl, jq), and behavior (upload → convert → download) are coherent with its stated purpose of converting PDFs to Markdown, but it sends files to a third‑party server so users should consider privacy implications.
Guidance
This skill behaves as advertised: it uploads a local PDF to a CamScanner endpoint, converts it, and downloads a Markdown file. Before installing/using it: (1) confirm the endpoint (ai-tools.camscanner.com) is the legitimate service you intend to use; (2) avoid uploading highly sensitive documents if you have privacy concerns — the skill sends files off your machine and the SKILL.md's claim about retention cannot be independently verified; (3) ensure curl and jq are available on the system; (4) inspect network activity or use test documents if you want to validate behavior first. If you need offline conversion for sensitive files, consider local tools instead.

Review Dimensions

Purpose & Capability
ok: Name/description match the actions in SKILL.md: upload a PDF to a remote CamScanner endpoint, request a conversion, and download the .md result. Required binaries (curl, jq) are appropriate for the provided shell examples and no unrelated credentials or config paths are requested.
Instruction Scope
note: Instructions are narrowly scoped to uploading the specified local PDF, invoking conversion endpoints, and saving the result locally. However, the workflow explicitly sends the user's file to a remote service (ai-tools.camscanner.com); that is expected for this skill but is a privacy/data‑exfiltration surface the user should be aware of. The SKILL.md also asserts files are not permanently stored on the server; this claim is not verifiable from the skill itself.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files. That minimizes attack surface (nothing is written to disk by the skill itself).
Credentials
ok: The skill requests no environment variables, credentials, or config paths beyond requiring curl/jq on PATH. No excessive secrets or unrelated service credentials are requested.
Persistence & Privilege
ok: The skill is not always-included and does not request any elevated or persistent platform privileges. Autonomous invocation is enabled by default (platform normal) but the skill does not request special persistence or modify other skills.