Skill v1.0.0

ClawScan security

Make PDF safe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:28 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (upload a PDF, poll a job, return a download URL) but there are metadata inconsistencies, an undeclared API credential, and the skill uploads user PDFs to an externally hosted service with no homepage or provenance — verify the provider before use.
Guidance
This skill performs exactly what it says (uploads a PDF to a remote service, waits for a flattening job, and returns a download link). Before installing or using it, verify the external provider (there is no homepage listed and the domain includes 'xss' which is unusual), confirm their privacy/retention policy, and only upload documents you are comfortable sending to that third party. Note the registry metadata omits the required API key — the skill will not work without providing a bearer token (via --api-key or SOLUTIONS_API_KEY). If you need to process sensitive PDFs and cannot trust the remote service, prefer a local flattening tool instead. If you proceed, keep the API key secret and do not paste it into chat or logs.

Review Dimensions

Purpose & Capability
note
The SKILL.md and the included Python script both implement the described workflow (POST file -> poll -> return a download URL). However, the registry metadata claims no required environment variables or primary credential while the SKILL.md and script require an API key (SOLUTIONS_API_KEY or --api-key) and optionally allow SOLUTIONS_BASE_URL — this mismatch is a transparency/metadata issue that should be resolved.
Instruction Scope
ok
Instructions are narrowly scoped to uploading the provided PDF, polling the Solutions API job endpoint, and returning the download URL. They do not attempt to read unrelated files, environment variables, or system configuration. Note: the workflow necessarily transmits the entire PDF to an external service, which is expected for this function but is a privacy/security consideration.
Install Mechanism
ok
This is an instruction-only skill plus an included Python script; there is no installer or third-party binary download. The script depends on the 'requests' package (declared in requirements.txt). No high-risk install URLs or archive extraction are present.
Credentials
concern
The skill requires a bearer API key (SOLUTIONS_API_KEY or passed via --api-key) to operate, which is proportionate to contacting a third-party API. However, the registry metadata does not declare this required credential or the optional SOLUTIONS_BASE_URL env var. Also, using the skill sends potentially sensitive documents to an external domain (api.xss-cross-service-solutions.com) — the provider and data-retention/privacy policy should be verified before sending sensitive PDFs.
Persistence & Privilege
ok
The skill does not request persistent 'always' inclusion, does not modify other skills or system settings, and has no install-time hooks. It only runs as invoked (or autonomously per platform default), which is normal.