v1.0.2

pdf-compress-tool

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:55 AM.

Analysis

The skill appears to do what it claims—compress PDFs—but it can run local PDF utilities and may auto-install the pikepdf Python package if missing.

GuidanceThis looks reasonable for a PDF compression utility. Before installing or running it, consider using a virtual environment, preinstalling pikepdf/Ghostscript/QPDF from trusted sources, and keeping backups when using batch compression.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

compress_pdf.py

[sys.executable, "-m", "pip", "install", "pikepdf"]

If pikepdf is missing, the script installs an unpinned Python package at runtime. This is disclosed and purpose-aligned, but users should notice the dependency install.

User impactRunning the tool may download and install third-party code into the local Python environment.

RecommendationPrefer installing pikepdf yourself from a trusted package source or use a controlled virtual environment before running the skill.

Tool Misuse and Exploitation

SeverityInfoConfidenceHighStatusNote

SKILL.md

- **Batch processing**: compress all PDFs in a directory at once

The skill can operate on an entire directory of PDFs. This fits the stated purpose, but broad batch processing can unintentionally modify or create many files if the path is chosen poorly.

User impactA mistaken batch path could process more PDFs than intended or produce many compressed outputs.

RecommendationUse explicit input and output paths, keep backups of important PDFs, and confirm the target directory before using batch mode.