Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PDF Summarizer

v1.0.0

Automatically extract and generate concise summaries from PDF documents using intelligent text analysis.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the behavior: the SKILL.md and openapi.json describe an API that accepts PDF uploads and returns summaries. This capability legitimately requires sending the PDF to a remote summarization service, which the skill documents (api.mkkpro.com / toolweb.in).
Instruction Scope
The runtime instructions are limited to uploading a PDF via multipart/form-data to the external endpoint and returning the summarized JSON. The instructions do not request reading unrelated files or environment variables. Important: the SKILL.md explicitly instructs sending the PDF binary to a third party (api.mkkpro.com), so user documents would be transmitted off-host.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing is written to disk by an installer. That lowers install-time risk.
Credentials
The skill declares no required environment variables or credentials, but the SKILL.md and Pricing section imply a hosted service with paid plans. The openapi.json contains no security schemes and the sample requests omit any Authorization header. Either the API is public (unexpected for a paid service) or the skill omitted required credentials — this mismatch is concerning and should be clarified before use.
Persistence & Privilege
always is false and there is no evidence the skill requests persistent system privileges or modifies other skills/config. Autonomous invocation is allowed by default (not flagged).
What to consider before installing
This skill will upload any PDF you give it to an external service (api.mkkpro.com / toolweb.in). Before installing or using it:

1) Verify the service owner and privacy/retention policy (provenance is unclear — no homepage provided).
2) Confirm whether an API key or account is required (manifest omits any auth requirements despite pricing tiers).
3) Do not upload sensitive or confidential documents until you are sure how files are stored, processed, or shared.
4) Test with non-sensitive samples to confirm behavior and TLS endpoints, and prefer alternatives with clear ownership, documented security, and explicit credential handling.

If needed, ask the skill author to declare required credentials and a privacy policy before trusting it with real data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfe713agtmg8d2bbh4xdkn9838f3q
