use_pdf
PassAudited by ClawScan on May 11, 2026.
Overview
This PDF utility skill appears purpose-aligned and not malicious, but it uses local scripts and PDF tools that can read, write, or decrypt user-selected PDFs.
This skill looks reasonable for local PDF work. Before installing, be prepared to manage trusted PDF dependencies, confirm file paths before running scripts, and protect intermediate images, JSON files, or decrypted PDFs if the documents contain sensitive information.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run local scripts that read PDFs and create output files when handling PDF tasks.
The skill directs execution of included local helper scripts. This is expected for PDF form processing, but users should know it runs local Python code on selected files.
Run this script from this file's directory: `python scripts/extract_form_field_info.py <input.pdf> <field_info.json>`
Use the scripts only on PDFs you intended to process, and review input/output paths before running form-filling workflows.
If used without care, the skill could create unprotected copies of sensitive protected PDFs.
The documented command-line workflow includes decrypting or removing password protection from PDFs. This is purpose-aligned, but it can alter document access protections.
qpdf --password=mypassword --decrypt encrypted.pdf decrypted.pdf
Only decrypt PDFs you are authorized to modify, and store decrypted outputs securely.
The skill may fail until dependencies are installed, and users could install them from untrusted sources if setup is not documented.
The included scripts rely on third-party libraries, while the registry metadata states there is no install spec and no required binaries. This is not malicious, but dependency setup and provenance are under-declared.
from pdf2image import convert_from_path
Install required PDF libraries and tools from trusted package managers or official sources, and avoid ad hoc downloads.