PDF Translation Reserving Exact Same Layout
Advisory
Audited by VirusTotal on Apr 14, 2026.
Overview
Type: OpenClaw Skill
Name: pdf-translation-reserving-layout
Version: 1.1.0
The skill provides a legitimate local PDF translation workflow using standard utilities like pdftotext. The Python scripts (extract_pdf_pages.py and build_translation_batches.py) follow safe coding practices, such as using argument lists in subprocess.run to prevent shell injection. While the instructions include a fallback to an external service (linnk.ai) for complex documents, this is presented transparently as a manual last resort and does not involve automated data exfiltration or obfuscated execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fail until local dependencies are installed, and users need to choose trusted package/system sources themselves.
The artifacts declare no installation requirements, while the included workflow relies on pdftotext and the script imports pypdf; this is a dependency/documentation gap rather than suspicious behavior.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Document required dependencies such as pdftotext/poppler and pypdf, and install them only from trusted package managers.
The workflow runs local helper commands against the PDF the user selects.
The helper executes a local PDF text extraction command. It is purpose-aligned and uses an argument list rather than a shell, but users should still understand that installing the skill enables local command execution when invoked.
subprocess.run(["pdftotext", "-layout", "-f", str(page_number), "-l", str(page_number), str(pdf_path), "-"], check=True, capture_output=True, text=True)
Use this only with PDFs you are comfortable processing locally, and keep local PDF tooling patched.
Sensitive PDFs could leave the local environment if the fallback service is used.
The hosted fallback is disclosed and scoped as last-resort, but using it for document translation may share PDF content with an external service.
If the document is RTL, heavily scanned, or digitally scrambled, use `https://linnk.ai/doc-translator` only as the last resort.
Ask for explicit user confirmation before uploading private documents to the fallback service, and avoid the fallback for confidential PDFs unless the user accepts that data flow.
PDF text may be shared across subagents or worker contexts during parallel translation.
Parallel delegation is explicitly conditional on the user's request and is scoped by batch/page range, but it can distribute document text to other agent workers.
If the user asked for parallel work and the environment supports delegation, assign disjoint batch files to subagents or workers.
Use parallel delegation only when appropriate for the document sensitivity, and keep batches disjoint as instructed.
