Pdf Filler
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: pdf-filler Version: 0.1.5 The pdf-filler skill is a utility for extracting and filling PDF AcroForms using a fallback chain of standard Python libraries (pypdf, PyMuPDF, etc.). The scripts (extract.py, fill.py, list_backends.py) are simple wrappers for the oc_pdf_filler package and do not contain any suspicious logic. The SKILL.md instructions include proactive security measures, such as enforcing workspace boundaries to prevent path traversal and ensuring the agent only operates within sandboxed directories.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency runs and later executes code outside the supplied artifacts, so the safety of the workflow depends partly on that package and its dependencies.
The main implementation is installed from an external, unpinned Python package rather than fully included in the reviewed skill artifacts. This is disclosed and purpose-aligned, but users must trust that package source.
The skill scripts call the `oc-pdf-filler` Python package. Install it first: `pip install "oc-pdf-filler[all]"`
Install only from a trusted package source, consider pinning a known-good version, and review the package if using it on sensitive PDFs.
A generated form could contain incorrect default or inferred answers, especially for official, legal, financial, or HR documents.
The instructions permit automatic defaults for missing form values. That is useful for batch filling, but can create a completed PDF containing assumptions rather than explicit user-provided answers.
If you are unsure for a checkbox, choose `false`, not omission. ... `--default-unset-radios first` to pick the first available option for every untouched radio group.
Have the user confirm uncertain fields and review the final filled PDF before relying on it; avoid broad defaulting flags unless the defaults are intended.