ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pdfly-cli

v1.0.0

A pure-python CLI application for manipulating PDF files. Use when needing to compress, merge, split, rotate, sign, extract images/text, or convert files to/...

0· 15·0 current·0 all-time
byZexun Lin@overdue-lin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description claim PDF manipulation and the instructions describe matching commands (compress, merge, split, rotate, sign, extract, convert). Declared libraries (pypdf, fpdf2, endesive, pillow, cryptography) are reasonable for the stated functionality.
Instruction Scope
SKILL.md is focused on CLI usage and page-range semantics and does not direct the agent to read unrelated system files. However the signing workflow requires the user to provide PKCS#12 files and passwords and the skill supports in-place modification of files — these are sensitive operations and should be performed only with trusted tooling and credentials.
!
Install Mechanism
There is no formal install spec; the instructions ask users to run `pip install pdfly` (or `uvx pdfly`). The skill metadata lists source/homepage as unknown and no provenance is provided. Installing an unverified PyPI package can execute arbitrary code on the host, so this is a notable risk until the package origin is verified.
Credentials
The skill declares no required environment variables or credentials, which is consistent. But runtime usage expects access to local PDFs, certificate files (.p12/.pem), and possible passwords (e.g., `-p` for PKCS12). Those are legitimate for signing/verification but are sensitive — the skill could be asked to handle secrets not explicitly declared.
Persistence & Privilege
Skill is not forced-always and uses normal autonomous invocation defaults. It does not request persistent system-wide changes in the SKILL.md. No install-time persistent privileges are declared.
What to consider before installing
This skill appears to document a legitimate PDF CLI, but the SKILL.md asks you to `pip install pdfly` while the registry entry has no source or homepage. Before installing or using it, verify the pip package author and source (PyPI project page / GitHub repo), review the package code or its published wheel, and prefer installing in an isolated environment (virtualenv or sandbox). Be cautious when supplying private keys (.p12/.pfx) or passwords: only use them with tooling you trust, and avoid handing secrets to packages whose code you haven't inspected. If you can't verify the package origin, do not install it system-wide and consider alternative well-known tools with clear provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk974k7njyyxvv09nr3g2p587a1846w2z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

pdfly CLI Skill

A pure-python CLI for PDF manipulation built on pypdf, fpdf2, and endesive.

Installation

pip install pdfly
# or with uv
uvx pdfly --help

Quick Reference

CommandDescription
pdfly compress IN OUTLossless compression
pdfly cat IN [PAGES]... -o OUTMerge/split pages
pdfly rm IN [PAGES]... -o OUTRemove pages
pdfly rotate -o OUT IN DEG [PGRGS]Rotate pages
pdfly sign IN --p12 CERT [-o OUT]Sign PDF
pdfly check-sign IN --pem CERTVerify signature
pdfly meta IN [-o FORMAT]Show metadata
pdfly pagemeta IN IDX [-o FORMAT]Page details (0-based)
pdfly extract-images INExtract images
pdfly extract-text INExtract text
pdfly extract-annotated-pages IN [-o OUT]Extract annotated
pdfly uncompress IN OUTDecompress streams
pdfly update-offsets IN [-o OUT]Fix offsets
pdfly 2-up IN OUT2-up layout
pdfly booklet IN OUT [-b FILE] [-c FILE]Booklet layout
pdfly x2pdf [FILES]... -o OUTConvert to PDF

Output Formats (meta/pagemeta)

-o text   # Default
-o json
-o yaml

Page Range Syntax

See references/page-ranges.md for full syntax including negative indices and strides.

PDF Signing

See references/sign.md for complete signing/verification workflow.

Rotate Command

The -o/--output option is required and must come before positional arguments:

pdfly rotate -o output.pdf input.pdf 90 "1-3"

See references/rotate.md for full examples.

Extract/Merge (cat)

See references/cat.md for complex merge/split operations.

Key Libraries

LibraryPurpose
pypdfPDF reading/writing, page manipulation
fpdf2Creating PDFs from images/text
endesivePDF signing with PKCS12
pillowImage processing
cryptographyCryptographic operations

Exit Codes

  • 0 = Success
  • 1 = Error (file not found, invalid input, etc.)

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…