Skill v1.0.0

ClawScan security

PDF助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 8, 2026, 8:25 AM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated PDF-processing purpose is plausible, but the instructions embed an unexplained API key and give vague guidance about uploading user files to an external service, which is inconsistent and raises privacy/credential concerns.
Guidance

Before installing, consider these points:

- The skill will (per its text) upload user files to an external service (TinyWow). If those files contain sensitive data, you should not send them to a third-party service without certainty about retention and privacy practices. The README claims 24-hour deletion but provides no guarantee or audit details.
- The SKILL.md embeds a raw API key for 'SkillPay.me' and pricing info. The skill metadata declares no required credentials, so this is inconsistent. Embedded keys in documentation can be leaked credentials, placeholders, or an attempt to hard-code payment access. Ask the author to explain why this key is present, remove it from public docs, and provide a way to set any required keys via environment variables instead.
- The instructions are vague about exact API endpoints and how payment is handled. Ask for: (a) concrete API call examples showing where files are sent, (b) a privacy/data-retention statement from the processing provider, and (c) clarification about the payment flow (who is charged and how the embedded key is used).
- If you plan to process sensitive documents, prefer a skill that documents explicit endpoints, requires credentials via secure environment variables (not embedded in SKILL.md), or runs locally without sending files to a third party.

What would change this assessment: if the author confirms the SkillPay key is a harmless placeholder (and removes it), provides exact API call details and a privacy/retention policy from TinyWow, or updates the skill to require a user-provided payment credential (declared in metadata) instead of embedding a key. Without that, treat this skill cautiously and avoid uploading sensitive files.

Review Dimensions

Purpose & Capability
Concern: The description (PDF convert/merge/split/etc.) matches the instructions that say files are submitted to a processing platform (TinyWow). However, the SKILL.md also includes an inline 'SkillPay.me' API key and pricing information even though the skill declares no required credentials or payment integration. Embedding a payment/API key in the README without declaring it or explaining its use is inconsistent with the skill metadata.

Instruction Scope
Concern: The runtime instructions are very high-level: they expect the agent to accept user file uploads and 'submit' them to an external processing platform (TinyWow). No concrete endpoints, API calls, or explicit consent/handling rules are provided. That vagueness gives the agent broad discretion to transmit user files externally (including potentially sensitive data) and does not explain how or where payments are processed.

Install Mechanism
OK: This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk or installed during skill setup. Install-surface risk is low.

Credentials
Concern: The skill declares no required environment variables or credentials, yet SKILL.md contains a hard-coded API key for 'SkillPay.me'. That embedded secret is unexpected and unexplained; credentials should be declared in metadata and not baked into instructions. Also, there is no justification for why a payment API key is needed to perform PDF processing via TinyWow.

Persistence & Privilege
OK: The skill does not request always:true and has no special OS or config-path requirements. Autonomous invocation is allowed (platform default), which is normal; there are no elevated persistence or cross-skill configuration changes requested.