Skill v1.0.1
ClawScan security
PDFlux-PDF2Markdown · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 30, 2026, 9:11 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior (uploading local documents to a remote 'pdflux' service) matches its description, but there are inconsistencies in declared environment variables and metadata, and it will transmit user files to an external API — verify the service and keys before use.
- Guidance
- This skill will upload your local document to a remote service (default: platform.paodingai.com) and return Markdown. Before installing or running it: (1) confirm which environment variable name the runtime expects — the registry lists PAODINGAI_* but the script uses PD_ROUTER_API_KEY/PD_ROUTER_BASE_URL; set the correct variable to avoid accidentally exposing other credentials; (2) verify you trust the remote service and that sending the document is acceptable (contains PII/IP/secret data?); (3) if you need source provenance, ask for the skill's homepage or repository or run the included script in a sandbox; (4) ensure your Node runtime supports fetch/Blob/FormData or test locally; (5) if you need offline conversion or don't want external uploads, do not use this skill. If you decide to proceed, provide only a dedicated API key with minimal scope and test with non-sensitive documents first.
Review Dimensions
- Purpose & Capability
- note: The skill's name/description (document -> Markdown conversion) aligns with the included script, which uploads a local file to a remote parsing service and downloads Markdown. However, registry metadata and the SKILL.md header declare environment variables named PAODINGAI_API_KEY and PAODINGAI_API_BASE_URL, while the runtime instructions and script require PD_ROUTER_API_KEY (and optionally PD_ROUTER_BASE_URL / PD_ROUTER_SERVICE_CODE). This naming mismatch is an incoherence that could cause misconfiguration or confusion.
- Instruction Scope
- concern: The SKILL.md and bundled script instruct the agent to upload the user's local file to a remote API (default https://platform.paodingai.com/), then poll and download Markdown. That is within the stated purpose, but it is an explicit data exfiltration step: local files are sent off-host. The instructions also insist that the bundled script be executed (don't reimplement). There is no unexpected access to unrelated system paths or extra env vars in the script, but the requirement to upload files to an external service is a privacy/security consideration users must accept.
- Install Mechanism
- ok: There is no remote install or arbitrary download. The skill is instruction-only with a small included Node script. No external archives or installers are fetched by the skill itself.
- Credentials
- concern: The script needs a single gateway API key to talk to the parsing service (PD_ROUTER_API_KEY). That is proportionate to the task. However, the registry metadata lists different env var names (PAODINGAI_API_KEY, PAODINGAI_API_BASE_URL) than the script/README (PD_ROUTER_API_KEY / PD_ROUTER_BASE_URL). This inconsistency increases the risk of leaking or mis-supplying credentials, and the skill's source is 'unknown' with no homepage, so the provenance of the API endpoint and key handling cannot be easily verified.
- Persistence & Privilege
- ok: The skill does not request permanent/always-on inclusion (always:false), and it does not modify other skills or system-wide settings. Normal autonomous invocation is allowed (disable-model-invocation:false), which is expected for user-invoked skills; nothing here grants excessive platform privileges.
