Vector Text Fixer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Vector Text Fixer appears to be a local, user-directed PDF/SVG repair script with no evidence of hidden network access or credential use, but users should review its dependencies and handle extracted document text carefully.
This skill looks reasonable for local PDF/SVG text repair. Before installing or running it, review and pin the Python dependencies, run it only on intended copies of files, use scoped input/output folders, and treat JSON exports or repair logs as potentially containing sensitive document text.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on a broad folder, the tool may process many local documents and create output files containing repaired or extracted text.
The skill supports batch processing of a local folder and writing outputs. This is aligned with the stated purpose, but users should ensure the input and output paths are intentionally scoped.
python scripts/main.py --batch ./input_folder --output ./output_folder
Run it on copies or a dedicated working folder, and review outputs before replacing original documents.
Installing dependencies without review could pull unexpected package versions or the wrong package for PDF processing.
The dependency file uses unpinned package names and includes an ambiguous PDF dependency name, while the documentation describes PyMuPDF/BeautifulSoup-style dependencies. This creates install ambiguity rather than evidence of malicious behavior.
bs4 dataclasses fitz
Prefer the documented packages and trusted pinned versions, especially PyMuPDF for the fitz import, before running the script.
Sensitive text from PDFs or SVGs may be copied into JSON exports or repair logs.
The documented JSON export stores extracted original text and suggested fixes. This is expected for an editable repair workflow, but it can persist document contents outside the original file.
"original_text": "�����", "detected_encoding": "UTF-8", "suggested_fix": "Sample Text"
Store generated JSON/log files securely, avoid exporting sensitive documents unnecessarily, and delete intermediate files when no longer needed.