Skillv1.0.0

ClawScan security

Pdf Contract Redactor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 5, 2026, 5:23 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions implement exactly the stated Alibaba‑OCR-based PDF redaction workflow and request only the Alibaba credentials they need; there are no hidden endpoints or unrelated privileges, but there are a few practical security and behavior caveats you should know before using it.
Guidance: This skill appears to do what it says, but consider these practical cautions before using it: - Credentials: The script expects your Alibaba AccessKey ID and Secret as command-line arguments; passing secrets on the command line can expose them via process listings and shell history. Prefer modifying the script to read credentials from a protected environment variable, a config file with restricted permissions, or a secrets manager. - Redaction effectiveness: The tool overlays black rectangles on the original PDF pages. If the original PDF contains underlying selectable/searchable text or metadata, that underlying text may remain accessible even after the visual overlay. Verify redaction by attempting to select/copy text from the redacted PDF and consider flattening the PDF or exporting a rasterized final PDF to ensure irreversible removal. - Error handling: The SKILL.md mentions exponential backoff for OCR failures but the implementation does not implement retries; expect possible dropped pages/text if the API call fails. Test with non-sensitive documents first. - Privacy: The images are sent to Alibaba's OCR endpoint; only use with documents you are allowed to upload to that external service. If documents are highly sensitive, consider an offline OCR alternative. - Validation: Run the tool on sample contracts and confirm that the fields you need are matched and redacted correctly (edge cases with layout/coordinates may cause false negatives/positives). If you need stronger guarantees (no residual text, no external network calls), either modify the tool to use a local OCR engine and to flatten outputs, or withhold highly sensitive documents from being processed by cloud OCR services.

Review Dimensions

Purpose & Capability: okThe name/description match the included script and SKILL.md: the code converts PDF pages to images, calls Alibaba Cloud OCR, matches field names to nearby values, and draws black rectangles over value areas. Requiring Alibaba OCR credentials (provided at runtime) is coherent with the stated purpose.
Instruction Scope: noteSKILL.md instructions stay within the redaction task and the script follows them. Minor mismatches: SKILL.md says it will 'retry with exponential backoff' on API failures but the script's AliyunOCRClient simply catches exceptions and returns an empty list (no backoff). SKILL.md demonstrates passing credentials as CLI args (and the script expects them) — functionally OK but a security practice concern because command-line args are visible in process lists/shell history.
Install Mechanism: okNo install spec; the skill is instruction+script only. Declared Python dependencies (pymupdf, pillow, requests) are appropriate and proportional to the task and are standard packages from PyPI. Nothing is downloaded from arbitrary URLs or written to unexpected locations.
Credentials: noteThe only sensitive credentials used are Alibaba AccessKey ID and Secret, which the script legitimately needs to call the OCR API. The registry metadata does not declare env vars but the SKILL.md and script expect the credentials as CLI args — this is coherent but risky (exposes secrets in ps/command history). The script does not require or attempt to read unrelated credentials or system config.
Persistence & Privilege: okThe skill is not always-enabled, does not modify other skills or system configurations, and writes only local output files (<name>_redacted.pdf and <name>_fields.json). It does not request persistent elevated privileges.