Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PDF Translate
v4.0.0Translates PDF documents to Chinese with professional typography. Extracts text, translates section-by-section into well-structured Markdown, then generates...
⭐ 0· 487·5 current·5 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (PDF → Chinese Markdown + PDF) match the shipped files and runtime instructions. Included scripts (pdf text extraction, Markdown→PDF, legacy reportlab scripts) are entirely consistent with PDF translation and typesetting; README and SKILL.md explicitly describe using the model (Claude) for translation, which aligns with the skill's purpose.
Instruction Scope
SKILL.md instructs the agent to extract text, translate section-by-section, write a .md file and convert to PDF using provided scripts. The instructions reference only local files (input PDF, output .md/.pdf, ${SKILL_DIR}) and required dependencies; they do not instruct reading unrelated system files or env vars, nor do they direct data to external endpoints beyond the expected model usage for translation.
Install Mechanism
No automated install spec is declared (instruction-only installation), which lowers risk. The docs require pip packages (pdfplumber, markdown, weasyprint) and system libs (pango/libgobject) — these are reasonable for the task but do require users to install system libraries (brew/apt) and large Python packages. Nothing is downloaded from obscure URLs and no archives are extracted by the skill itself.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. Scripts only probe common system font paths and read the user-provided PDF; that access is proportional to producing properly typeset PDFs. There are no requests for unrelated secrets or cloud credentials.
Persistence & Privilege
Skill flags are default (not always:true). It does not attempt to modify other skills or system-wide agent settings. It is instruction-only with local scripts and will only run when invoked (agent-autonomy is permitted by platform defaults but not elevated here).
Assessment
This skill appears coherent and implements what it claims: it extracts text from PDFs, expects the agent (model) to do the translation, then converts the resulting Markdown to a styled PDF using the provided scripts. Before installing/use: 1) be prepared to install system dependencies (weasyprint requires libpango/libgobject; instructions include brew/apt notes). 2) Understand that the translation step is performed by your agent/model — sending extracted text to the model may expose document contents to your model provider; do not use it on highly sensitive documents unless you are comfortable with that. 3) The scripts read the PDF you supply and write .md/.pdf alongside it (ensure you trust the skill and the environment where files are placed). 4) No network endpoints, secrets, or unrelated credentials are requested by the skill, but you should still review any runtime logs if used in a multi-tenant environment. If you want stricter guarantees, run the scripts locally with an on-premise model or perform translation offline.Like a lobster shell, security has layers — review code before you run it.
latestvk97741kmvqh5bv0wr0rmxepa55824knj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.