Document Handler

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it says: extract and convert user-chosen document files, with no evidence of hidden networking, credential use, persistence, or destructive behavior.

This skill looks safe for its stated purpose. Before installing or using it, be aware that it can read the full contents and metadata of documents you point it at, and PDF conversion can create image files containing document pages. Use trusted local document tools and avoid processing sensitive files unless they are needed for the task.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private document contents may become visible to the agent during the task, and malicious instructions embedded inside a document could try to influence the workflow.

Why it was flagged

The skill intentionally brings document text and metadata into the agent's working context. This is purpose-aligned, but document contents may be sensitive or may contain instructions that should be treated as untrusted data.

Skill content

Extract text, metadata, and content from any document format.

Recommendation

Use it only on documents relevant to the task, and treat extracted document text as data rather than instructions to follow.

What this means

Converted pages can create persistent image files that may expose the PDF contents if saved in a shared or synced folder.

Why it was flagged

The PDF conversion script creates a user-specified output directory and writes image files there. This is expected for PDF-to-image conversion, but users should choose the destination carefully.

Skill content

mkdir -p "$OUTPUT_DIR"

pdftoppm -png -r "$DPI" "$PDF" "${OUTPUT_DIR}/${BASENAME}"

Recommendation

Specify a safe output directory and review generated files before sharing or syncing them.

What this means

The skill may fail or rely on whatever versions of these tools are already installed on the system.

Why it was flagged

The supplied scripts depend on external local utilities such as pdftotext, pdfinfo, pdftoppm, unzip, and textutil, while the registry metadata declares no required binaries. This is not hidden behavior, but dependency availability and provenance are left to the local environment.

Skill content

pdftotext -layout "$FILE" - 2>/dev/null || echo "Could not extract PDF text"

Recommendation

Install document-processing utilities from trusted OS or package-manager sources and keep them updated.