Skill v1.0.0

ClawScan security

Remove metadata from PDF · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 11, 2026, 9:28 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it says (upload PDFs to a third‑party Solutions API and return cleaned file URLs), but there are coherence issues around declared credentials and registry metadata that you should confirm before installing or using it with sensitive documents.
Guidance
Before installing or using this skill:
(1) Understand that your PDF files will be uploaded to https://api.xss-cross-service-solutions.com (or a base URL you provide) — do not send sensitive documents unless you trust that service and its privacy policy.
(2) The skill requires a Solutions API key (SOLUTIONS_API_KEY or --api-key), but the registry metadata does not declare this — confirm where/how you'll provide the key.
(3) The included script is readable (no obfuscated code) and uses only the requests library, but validate the exact API hostname and endpoints (look for typos or phishing domains) and prefer testing with non-sensitive PDFs first.
(4) If you need to avoid third-party uploads, consider running the included script locally against a trusted or self-hosted endpoint, or request a version that runs metadata removal entirely client-side.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (remove PDF metadata via the Solutions API) matches the included script and SKILL.md. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and script both require an API key (SOLUTIONS_API_KEY or --api-key). That mismatch between what the package declares and what it actually needs is an inconsistency worth noting.
Instruction Scope
ok
Runtime instructions are narrowly scoped: accept PDF files, upload them to the specified Solutions API endpoint, poll job status, and return output URLs. Allowed tools are limited to http and files. The instructions do not request unrelated files, system credentials, or broad system access.
Install Mechanism
ok
There is no install script or remote download; the package is instruction + included script. requirements.txt only lists the requests library. No external arbitrary downloads or extraction steps are present.
Credentials
concern
The skill legitimately needs a third-party API key (used as a Bearer token) and optionally a base URL. Those are present in SKILL.md and the script, but the registry's required-env fields do not declare them. The requested credential is proportional to the task, but the missing declaration is an inconsistency that could cause surprise and should be clarified.
Persistence & Privilege
ok
The skill does not request always:true or any persistent/system-wide privileges, does not alter other skills' configs, and does not request unusual config paths. Autonomous invocation remains allowed (platform default).