Skill v1.0.0
ClawScan security
Split PDF · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 17, 2026, 6:13 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, instructions, and manifest are internally consistent: it calls a third‑party PDF split API and requires only an API key, which matches its stated purpose.
- Guidance: This skill is coherent but it sends your PDF files to a third-party service (pdfapihub.com). Do not use it with sensitive or confidential documents unless you've reviewed that service's privacy, retention, and deletion policies. Provide an API key with minimal privileges and consider using a short-lived or test key first. If you require offline/privacy-preserving splitting, use a local tool instead. Also confirm how your platform stores the CLIENT-API-KEY and whether the agent is allowed to invoke the skill autonomously; if you do not want automatic calls, disable autonomous invocation or avoid installing the skill.
Review Dimensions
- Purpose & Capability (ok): Name/description match the declared endpoint and parameters in skill.json and SKILL.md. Requesting an API key and accepting a URL/base64/multipart file are expected for a PDF-splitting API; there are no unrelated binaries, config paths, or secrets requested.
- Instruction Scope (note): SKILL.md instructs the agent to POST the PDF (via URL, base64, or multipart) to https://pdfapihub.com/api/v1/pdf/split and include CLIENT-API-KEY in the header. The instructions do not tell the agent to read other files, environment variables, or system state. Important privacy note: using the skill will transmit the full PDF (potentially containing sensitive data) to a third party — this is expected behavior for a hosted API but is a relevant security/privacy consideration.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk and no external packages or downloads are performed. This is the lowest-risk install model.
- Credentials (ok): The only credential required is the API key delivered in the CLIENT-API-KEY header (declared in skill.json). No unrelated credentials or high-privilege environment variables are requested. Users will need to provide that API key to the platform — ensure the platform stores it securely and that the key has limited scope.
- Persistence & Privilege (ok): always is false and the skill does not request system-wide changes or access to other skills' configs. The skill can be invoked autonomously by the agent (disable-model-invocation=false), which is the normal default — note this only increases risk if you allow the agent to act without prompts.
