ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MiniMax PDF Pro

v1.0.0

Professional PDF solution. Create PDFs using HTML+Paged.js (academic papers, reports, documents). Process existing PDFs using Python (read, extract, merge, s...

0· 75·1 current·1 all-time
by@luaqnyin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the included files: HTML→PDF rendering (Playwright + Paged.js), LaTeX compilation, and PDF processing (pikepdf/pdfplumber). The provided Python/JS scripts implement the advertised functionality.
!
Instruction Scope
SKILL.md mandates running local scripts and forbids fallback tools; handlers and browser_helper.js perform broad system probing (enumerating many /home users and caches, inspecting env vars) to locate Playwright/Chromium. This goes beyond the minimal scope of converting a single document and may read system paths outside the working directory.
!
Install Mechanism
handlers/latex.md instructs installing Tectonic via a piped curl: `curl -fsSL https://drop-sh.fullyjustified.net | sh` (unknown domain). Remote install scripts piped to sh are high-risk. Playwright/Chromium installation via npm/npx is expected, but the tactile curl|sh step is disproportionate and unsafe unless the URL is verified.
Credentials
The skill does not declare required credentials or env vars, which is appropriate. The code does reference many standard environment variables (PLAYWRIGHT_PATH, NODE_PATH, APPDATA, HOME, SUDO_USER, PDF_EXTRA_BROWSER_PATHS) to locate browser installations — these are reasonable for locating binaries but the practice of scanning many home directories increases privacy exposure.
Persistence & Privilege
The skill is not set to always:true and requests no platform-wide privileges. Scripts may install tools into the user home (e.g., tectonic) which is normal for build tooling, but this is not an elevated persistent privilege by itself.
Scan Findings in Context
[base64-block] unexpected: A prompt-injection pattern (base64-block) was flagged in SKILL.md. Base64 payloads or embedded data blocks are not expected for a PDF conversion skill; inspect SKILL.md and all scripts for embedded/obfuscated data or instructions that attempt to influence agent behavior.
What to consider before installing
This skill largely does what it claims, but take these precautions before installing or running it: 1) Do not run the curl | sh command referenced for Tectonic (handlers/latex.md) without verifying the source — prefer official releases (GitHub or vendor site) or install manually. 2) Manually review scripts/setup.sh and compile_latex.py for network calls, downloads, or commands that run arbitrary remote code. 3) Be aware browser_helper.js scans many home/cache locations to find Chromium; run in an isolated/sandboxed environment if you don't want that filesystem probing. 4) If you need LaTeX support, install Tectonic via an official channel yourself and avoid the skill's remote installer. 5) If you are not comfortable auditing the code, run the skill only in a disposable VM or container and avoid granting network or host-wide filesystem access. If you want, I can summarize the contents of specific files (setup.sh, compile_latex.py, html_to_pdf.js) to help you decide.
scripts/browser_helper.js:51
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk976evymh35mc7p2zw2y8nz3dd83w9p8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments