Skill v1.0.0
ClawScan security
PDF to Markdown · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 4:00 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and permissions align with its stated purpose (local PDF→Markdown conversion); no network, credential, or surprising install behavior was found.
- Guidance: This skill appears coherent and local-only. Before installing: (1) note that the SKILL.md path (scripts/pdf2md.py) doesn't match the included filename (pdf2md.py); adjust the command or move/rename the file when running; (2) install pdfplumber from PyPI (pip install pdfplumber) in a virtualenv; (3) run in a trusted or isolated environment if you process untrusted PDFs (malicious PDFs can try to exploit parsers or cause resource exhaustion even if no network is used); (4) inspect the script yourself (it's short and readable) and verify that you only give it files you intend to convert.
Review Dimensions
- Purpose & Capability (ok): Name/description (local PDF→Markdown) match the included Python script and the declared requirements (pdfplumber, python). The skill only needs file read/write to operate, which is proportional.
- Instruction Scope (note): SKILL.md instructs running python scripts/pdf2md.py but the provided file is pdf2md.py at the repository root (minor path mismatch). Otherwise the runtime instructions only read the provided PDF and write Markdown output; they do not perform network calls or access unrelated files or env vars.
- Install Mechanism (ok): No install spec (instruction-only) and the code uses a standard PyPI dependency (pdfplumber). Nothing is downloaded from untrusted URLs or written to unexpected locations.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The only declared permissions are file read/write, which the script uses only for the input and optional output files.
- Persistence & Privilege (ok): always is false and the skill does not request persistent/system-wide changes or modify other skills. Autonomous invocation is allowed by default (normal), and there are no additional privileged behaviors.
