v0.1.0

Pdf Converter

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:34 AM.

Analysis

This appears to be a local PDF-to-PPTX/DOCX converter, with some installation and file-handling details users should review before use.

Guidance

This skill is reasonable for local PDF conversion. Install dependencies carefully, preferably in a virtual environment, run it only on PDFs or folders you intend to convert, and check the final output size yourself if you need a strict size limit.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
INSTALL.md
pip3 install --break-system-packages pdf2image python-pptx pdf2docx Pillow ... sudo apt-get install poppler-utils

The skill relies on manual installation of unpinned third-party Python packages and system utilities, despite no declared install spec or required binaries in metadata. This is purpose-aligned for PDF conversion but affects the user's local environment.

User impact: Installing these dependencies may change the system Python environment or install system packages.
Recommendation: Prefer a virtual environment, install poppler from a trusted package manager, and avoid --break-system-packages unless you understand the local impact.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/convert.py
img_path = f"/tmp/slide_{i}.jpg"; img.save(img_path, "JPEG", quality=self.quality, optimize=True); ... os.remove(img_path)

The converter uses predictable temporary filenames in a shared temporary directory. This is local and purpose-related, but concurrent runs or pre-existing files could collide.

User impact: A conversion could overwrite or conflict with temporary slide images from another run on the same machine.
Recommendation: Run one conversion at a time or update the script to use a unique temporary directory or secure temporary-file API.

Human-Agent Trust Exploitation
Severity: Info | Confidence: High | Status: Note
scripts/convert.py
if size_mb > self.max_size_mb: self.log(f"⚠️  大小限制:≤{self.max_size_mb} MB - ❌ 超出"); self.log(f"💡 提示:尝试降低 --dpi 或 --quality 参数") ... return True

The implementation warns when the output exceeds the requested size and still returns success, so users should not treat the documented size limit as guaranteed compression.

User impact: The converted file may be larger than requested, which could matter for upload or email size limits.
Recommendation: Verify output size after conversion and manually lower DPI or quality if a strict file-size cap is required.