Skill v1.0.0
ClawScan security
Nano Pdf 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 14, 2026, 5:53 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose and runtime instructions align with a simple CLI wrapper for editing PDFs, but the installer pulls a third-party package (nano-pdf) and there is a metadata mismatch about the owner/source that warrants caution before installing.
- Guidance: This skill is plausible for the described task, but take precautions before installing:
  1. Verify the nano-pdf package on PyPI (maintainer, recent releases, and reviews) and confirm the publisher matches the registry metadata—_meta.json ownerId and the listed owner differ here.
  2. Inspect the package source (or its wheel) before installing, or install in a disposable/sandbox environment to observe behavior.
  3. Prefer to run the CLI locally on sample PDFs first and monitor for unexpected network activity—packages can execute arbitrary code at install or runtime.
  4. Avoid sending sensitive PDFs to the tool until you trust the package.
  If you cannot inspect the package or confirm the maintainer, treat the install as higher risk.
Review Dimensions
- Purpose & Capability (ok): The skill name/description say it edits PDFs via the nano-pdf CLI, and the only runtime requirement is the nano-pdf binary. That is coherent: a PDF-editing skill legitimately needs that binary.
- Instruction Scope (ok): SKILL.md only instructs the agent to run the nano-pdf CLI against a user-supplied PDF and to sanity-check output. It does not direct reading unrelated files, accessing unrelated env vars, or posting data to external endpoints.
- Install Mechanism (concern): The install spec uses an installer kind 'uv' to fetch a package named 'nano-pdf' and create a nano-pdf binary. This will write third-party code/binaries to disk and run them; the skill provides no URL or checksum. Installing packages from external registries can execute arbitrary code at install or runtime, so the package should be audited or installed in a sandbox. Also, the declared 'homepage' points to PyPI, which is plausible but not independently verified here.
- Credentials (ok): No environment variables, credentials, or config paths are requested—proportionate for a local CLI wrapper.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request persistent system-wide privileges. It does not declare actions that would modify other skills or global agent settings.
