Add watermark to PDF
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to do the advertised PDF watermarking, but it sends the chosen PDFs and an API key to a third-party API, so use it only with trusted documents and credentials.
Before installing, confirm you trust the Cross-Service-Solutions API endpoint, use a revocable API key, and avoid processing PDFs or watermark text that should not leave your environment. Also check that no SOLUTIONS_BASE_URL override is set unless you intentionally want to send files to that endpoint.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
PDF contents, filenames, watermark text, and the Authorization header are sent outside the local environment; if the endpoint is untrusted or misconfigured, that data could be exposed.
The script uploads the selected PDF contents and watermark text to the configured external API endpoint, and that endpoint can be overridden by an argument or environment variable.
resp = requests.post(url, headers=headers, files=files, data=data, timeout=timeout_s)
...
ap.add_argument("--base-url", default=os.getenv("SOLUTIONS_BASE_URL", DEFAULT_BASE_URL))
Use this only with documents you are comfortable processing through the stated service, review the service's privacy and retention terms, and avoid setting SOLUTIONS_BASE_URL or --base-url unless you trust the destination.
Anyone who obtains the API key may be able to use the associated Solutions API account according to that key's permissions.
The skill requires delegated API credentials for the external service; this is expected for the workflow, but the registry metadata does not declare a primary credential or required environment variable.
The API requires an API key used as a Bearer token:
- `Authorization: Bearer <API_KEY>`
Provide a revocable, least-privileged API key through a secret mechanism when possible, do not paste it into shared transcripts, and rotate it if it may have been exposed.
If the watermark text itself is sensitive, it may be retained in the agent conversation, logs, or downstream context.
The script always places the watermark text into the returned JSON, while SKILL.md says the text should be returned only if safe.
result["watermark_text"] = text
Avoid using sensitive watermark text, or remove/suppress the watermark_text field before returning or logging results.
Users have less independent information for verifying who maintains the skill or whether the external service is the intended provider.
The package metadata does not provide a source repository or homepage to help users verify provenance before trusting the skill with document uploads.
Source: unknown; Homepage: none
Verify the provider and API domain out of band before using the skill for confidential or regulated PDFs.
