Skill v1.0.0

ClawScan security

92bilal26 / Pdf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 1:08 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated PDF-processing purpose: all included code and instructions operate on local PDF files, require standard Python PDF/image libraries, and do not request credentials or reach out to remote endpoints.
Guidance
This skill appears to do what it claims, but review these practical points before installing:

1) Dependencies: the repository has no automated install or requirements.txt — you must install/verify Python packages (pypdf, pdf2image, pdfplumber, pillow, pytesseract, pandas, etc.) and their native dependencies (poppler, tesseract) in a controlled environment.
2) Monkeypatch: fill_fillable_fields.py monkeypatches a pypdf method to work around a library bug; this is documented in the file, but it does modify library behavior at runtime — run it in an isolated environment to avoid surprising global side effects.
3) Malicious/malformed PDFs: the scripts parse PDF internals and annotations; untrusted or intentionally malformed PDFs can trigger parser exceptions or resource exhaustion. Process untrusted PDFs in a sandbox.
4) Viewer prompts: the code sets need-appearances, which can cause some PDF viewers to prompt users to save changes — be aware of this when distributing outputs.
5) License: LICENSE.txt asserts restrictive terms; check that the licensing is acceptable for your use.

If you need to proceed, install dependencies in a virtual environment, inspect and line-review the scripts yourself, and test with non-sensitive PDFs first.

Review Dimensions

Purpose & Capability
ok: Name/description (PDF extraction, creation, forms) match the included scripts (extract_form_field_info, fill_fillable_fields, convert_pdf_to_images, annotation-based filling, table/text extraction examples). No unrelated credentials, binaries, or external services are requested.
Instruction Scope
ok: SKILL.md and forms.md instruct the agent to run local Python scripts and command-line tools and to validate results manually. The runtime instructions and scripts operate only on user-supplied PDF, image, and JSON files; they do not read unrelated system files or transmit data externally. The skill emphasizes manual visual validation steps (forms.md), which limits automated, broad-scope actions.
Install Mechanism
note: There is no install spec; this is instruction+code-only. The code depends on several third-party Python packages (pypdf, pdf2image, pdfplumber, PIL, pytesseract, pdfium/pypdfium2, pandas, etc.), but SKILL.md only shows examples and does not provide a dependency manifest or automated install. That is not malicious, but it is a missing usability/packaging step: users must install and vet dependencies themselves.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. All scripts act on files passed as arguments and return results locally. No secrets or external tokens are requested or referenced.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system-wide settings. It runs as needed and operates on files in the current working directory as described.