Protect PDF with password
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims, but it sends the chosen PDF, password, and API key to a third-party API, so users should only use it with a provider they trust.
Before installing, confirm that you trust the Solutions API with the PDFs you plan to process. Protect the API key, verify the API base URL, avoid sharing the returned download link, and consider pinning dependencies if you run the included Python helper script.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Confidential PDF contents, the chosen document password, and the protected-file download link depend on the external provider's handling and access controls.
The intended workflow transmits the PDF and the user-provided password to an external provider, then returns a downloadable URL for the resulting file.
uploading both to the Solutions API
Use this only for PDFs you are comfortable uploading to the Solutions API, verify the provider, use a unique password, and keep the returned download URL private.
If the API key is exposed, someone else may be able to use the user's Solutions API account or quota.
The skill requires a bearer API key for the external service. This is purpose-aligned, but it is a sensitive credential and the registry metadata lists no primary credential.
The API requires an API key used as a Bearer token: - `Authorization: Bearer <API_KEY>`
Use a scoped or revocable API key if available, avoid pasting it into shared chats or logs, and rotate it if exposure is suspected.
A misconfigured base URL could send sensitive data to the wrong service.
The helper script allows the API endpoint to be overridden by an environment variable or CLI argument. This can be useful, but a wrong or untrusted URL would receive the PDF, password, and bearer token.
default=os.getenv("SOLUTIONS_BASE_URL", DEFAULT_BASE_URL)Use the documented default API URL unless you intentionally trust another endpoint, and check the SOLUTIONS_BASE_URL environment variable before running the script.
If users install dependencies later, they may receive whatever newer compatible package version is available at that time.
The helper script depends on requests with a lower-bound version rather than an exact pinned version or lockfile.
requests>=2.32.0
Install dependencies from trusted package sources and consider pinning a reviewed requests version in controlled environments.