Skill v1.0.0
ClawScan security
Nested PDF Merger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 7:24 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is coherent: it is an instruction-only wrapper that expects an external nestedpdfmerger CLI and asks for nothing beyond that.
- Guidance: This skill is internally consistent: it only documents how to call an external CLI (nestedpdfmerger). Before installing or allowing the agent to run it, verify the nestedpdfmerger package/source: check the linked GitHub homepage, confirm the maintainer and recent activity, and prefer installing into a virtualenv (or inspect the package contents) rather than system-wide. Use the skill's recommended --dry-run to preview actions. Be mindful that the agent will execute a CLI against filesystem paths you provide: avoid passing untrusted or network-mounted directories you don't want processed, and ensure inputs are sanitized if you are concerned about shell injection in the environment where the agent runs.
Review Dimensions
- Purpose & Capability (ok): Name, description, and required binary (nestedpdfmerger) align: merging PDFs from a nested directory tree legitimately requires an external CLI that performs the merge. No unrelated binaries, env vars, or config paths are requested.
- Instruction Scope (ok): SKILL.md only instructs the agent to confirm input/output paths and run the nestedpdfmerger CLI (or tell the user how to install it). It does not instruct reading unrelated system files, exfiltrating data, or contacting external endpoints. It will operate on user-specified filesystem paths (expected for this task).
- Install Mechanism (note): No formal install spec in the registry (instruction-only). The README suggests installing via `pip install nestedpdfmerger`, which is a reasonable, common installation method but is moderately risky if the PyPI package or source is unvetted. No automatic downloads or obscure URLs are present in the skill itself.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths, which is appropriate for a local CLI wrapper.
- Persistence & Privilege (ok): The skill does not request always-on presence or system-wide configuration changes. It is user-invocable and allows autonomous invocation by default (normal for skills) but does not elevate privileges itself.
