Skillv1.0.0

ClawScan security

pdf-image-extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 25, 2026, 1:53 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requirements match its stated purpose (extracting and resizing images from PDFs); there are no network calls, credential requests, or unexpected behaviors in the shipped scripts.
Guidance: This package appears to do exactly what it says: extract and resize images from PDFs locally. Before using: 1) Inspect and, if desired, edit the pdf_folder and output_folder paths in each script so they point to safe folders; 2) Run pip installs inside a Python virtual environment; 3) Test on a small, non-sensitive PDF set first to confirm behavior; 4) Note the default config targets a Windows E:\ path—change it if you are on another OS; 5) If you need network isolation, run the scripts offline or in a sandbox/VM—these scripts do not perform any network calls according to the source.

Purpose & Capability: okName and description align with the provided scripts: three modes (original, standard, compress) implemented in local Python scripts using PyMuPDF and Pillow. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope: okSKILL.md instructs installing Python packages, editing the top-of-file CONFIG variables (pdf_folder/output_folder), and running the appropriate script. The scripts only read PDFs from the configured folder and write images to the configured output; they do not access other system resources, network endpoints, or environment variables.
Install Mechanism: noteThere is no formal install spec; the README asks the user to pip install pymupdf and pillow. The repository includes runnable Python scripts (no external downloads or extract steps). Recommend using a virtualenv when installing dependencies to avoid changing global Python packages.
Credentials: okNo environment variables, credentials, or external config paths are required. The scripts use local file-system paths only (user must edit pdf_folder/output_folder). Default config values point to a Windows E:\ path, which is a convenience/default but not a security-sensitive requirement.
Persistence & Privilege: okThe skill is not forced-always, and it does not modify agent/system configuration. It runs as a normal user process and only writes extracted images to the configured output folder.