Pdf Reader

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This PDF reader appears locally scoped, but the included code does not actually parse PDFs and may generate misleading sample-based output while writing files/history to fixed local paths.

Treat this as a prototype rather than a reliable PDF reader. Before installing or using it, confirm that real PDF parsing has been implemented, change the hard-coded output folder if needed, and be aware that document filenames and output paths are stored locally.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could receive a confident summary or Markdown file that is not based on their PDF, leading to incorrect conclusions.

Why it was flagged

The implementation explicitly says real PDF parsing is not implemented and instead returns simulated sample text, despite the skill being presented as a PDF reader/converter/summarizer.

Skill content

# TODO: implement real PDF parsing ... # Sample text (simulated) ... sample_text = """\n# Attention Is All You Need

Recommendation

Do not rely on this skill for real PDF analysis until the parser is implemented and tested; verify outputs against the original PDF.

What this means

Converted document content may be saved in an unexpected synced folder, and existing output files with the same name could be replaced.

Why it was flagged

Processed Markdown is written to a fixed OneDrive/Desktop path and may overwrite an existing same-named .md file.

Skill content

OUTPUT_DIR = Path("D:/OneDrive/Desktop/公众号文章") ... with open(output_md, "w", encoding="utf-8") as f:

Recommendation

Change the output directory to a user-selected location and add overwrite confirmation before writing files.

What this means

Names and locations of processed documents may remain on disk after use.

Why it was flagged

The skill persists processing history containing filenames, timestamps, output paths, and word counts.

Skill content

HISTORY_FILE = DATA_DIR / "history.json" ... history["processed_files"].append({"filename": pdf_path.name, "processed_date": ..., "output_md": str(output_md), "word_count": len(text.split())})

Recommendation

Review or delete history.json if document names or paths are sensitive, and prefer an explicit retention/clear-history option.

What this means

Users who follow the setup command depend on current PyPI package versions rather than reviewed, pinned versions.

Why it was flagged

The README suggests installing unpinned third-party Python packages, although this is user-directed and aligned with PDF parsing functionality.

Skill content

pip install PyMuPDF pdfplumber pymupdf4llm

Recommendation

Install dependencies in a virtual environment and prefer pinned versions or a lockfile from a trusted source.