PDF Tools
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing unpinned packages can expose users to dependency changes or compromised package versions, though this setup is clearly disclosed and purpose-aligned.
The skill relies on external PyPI packages installed manually and without pinned versions. This is expected for a Python PDF utility, but users should install from a trusted environment.
pip3 install pdfplumber PyPDF2 reportlab
Install dependencies in a virtual environment and consider pinning known-good versions of pdfplumber, PyPDF2, and reportlab.
If the agent is given the wrong output path, it could overwrite an existing PDF or create files somewhere unexpected.
The editing tool writes to a user-supplied output path. This is necessary for PDF editing, but careless output choices could overwrite or create files in unintended locations.
with open(output_path, 'wb') as f:
    writer.write(f)
Use clear, new output filenames and keep backups of important PDFs before editing, merging, splitting, or rotating them.
