Skill v1.0.0

ClawScan security

Remove password from PDF · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 11, 2026, 9:28 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it claims (upload a passworded PDF + password to a remote API and return an unlocked-file URL) but contains inconsistencies and privacy risks (undeclared credential in registry metadata, no vendor homepage, and sending sensitive files/passwords to an unverified third party).
Guidance
This skill will upload your protected PDF and its current password to a third-party API and return a URL for the unlocked file. Before installing or using it, consider:
1) The registry metadata does not declare the API key requirement even though the SKILL.md and script do — that should be fixed or explained.
2) There is no homepage or verifiable vendor information (owner is unknown); confirm the legitimacy of https://login.cross-service-solutions.com and the API domain (api.xss-cross-service-solutions.com) before sending sensitive documents or passwords.
3) If the PDF contains sensitive data, avoid using an untrusted third-party service — prefer local tools that remove PDF passwords offline.
4) If you must use this skill, test it with non-sensitive files first, and only provide an API key scoped and revocable for this service.
5) Additional information that would reduce concern: a verifiable project homepage or vendor identity, registry metadata updated to declare SOLUTIONS_API_KEY as the primary credential, and independent confirmation that the service handles uploaded files/passwords according to acceptable privacy/security policies.

Review Dimensions

Purpose & Capability
concern
The skill's name/description match the code and SKILL.md: it uploads a password-protected PDF and the current password to a remote Solutions API and polls for a result. However the registry metadata lists no required environment variables or primary credential, while both SKILL.md and the script require an API key (SOLUTIONS_API_KEY or passed via --api-key). That metadata omission is an incoherence that affects trust and automated vetting.
Instruction Scope
concern
The SKILL.md and the included script limit their actions to: read the supplied PDF file, accept the current password, upload both to the external API, poll job status, and return the download URL. That scope is consistent with the stated purpose. The important concern is that the instructions explicitly send both the sensitive PDF and its password to an external service (api.xss-cross-service-solutions.com) — expected for this functionality but a significant privacy/security risk if the service/operator are untrusted or malicious.
Install Mechanism
note
There is no install spec (instruction-only), lowering install risk. A small Python script and requirements.txt (requests) are included; running it requires installing requests. No download-from-unknown-URL or installer actions are present in the manifest.
Credentials
concern
The skill requires an API key (used as a Bearer token) according to SKILL.md and the script (env var SOLUTIONS_API_KEY or --api-key), but the registry metadata lists no required env vars and no primary credential. This mismatch is concerning because it hides that a credential is necessary. No other unrelated credentials are requested.
Persistence & Privilege
ok
The skill does not request 'always: true', does not modify other skills or system-wide settings, and does not request persistent privileges. Model invocation remains allowed (platform default).