PDF Toolkit
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent cloud PDF-processing guide, but users should notice that it uploads documents to ComPDF and may store an API key if they opt in.
This skill appears safe to install as an instruction-only PDF workflow helper, but treat it as a cloud-upload tool: do not process highly sensitive documents unless you accept ComPDF's handling of them, and avoid saving the API key locally unless you trust the environment.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
PDFs may contain confidential, personal, or business information that would be sent to a third-party cloud service for processing.
The skill depends on uploading user documents to an external provider. This is clearly disclosed and gated by confirmation, but it is still a privacy-sensitive data flow.
Your file will be uploaded to ComPDF's servers (api-server.compdf.com or api-server.compdf.cn) for processing... Only proceed with the upload after receiving explicit user confirmation.
Use this skill only for files you are comfortable uploading to ComPDF, and review the provider's privacy policy before confirming.
Anyone or anything with access to the saved key file could potentially use the user's ComPDF API access or credits.
The skill uses a ComPDF API key and can optionally persist it locally. This is expected for the service integration and is disclosed as opt-in, but users should recognize that the key may use their account quota.
ask the user for their ComPDF API Public Key... If the user agrees, write the key to `config/public_key.txt`... Include the user-provided API key in the `x-api-key` header
Save the API key only on a trusted device, delete config/public_key.txt when no longer needed, and monitor ComPDF account usage.