ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Pdf Builder

AI-powered PDF generator for legal docs, pitch decks, and reports. SAFEs, NDAs, term sheets, whitepapers. npx ai-pdf-builder. Works with Claude, Cursor, GPT, Copilot.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 5k · 24 current installs · 25 all-time installs
by@NextFrontierBuilds
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to generate PDFs locally (via Pandoc/LaTeX) and via AI. Local-generation requirements (Pandoc, TeX) are appropriate. However, the SKILL.md also instructs users to run 'npx ai-pdf-builder' which will fetch and execute package code from npm at runtime — a capability not obvious from an instruction-only skill manifest and not declared in the metadata. README and SKILL.md reference npm and GitHub URLs but the source is listed as 'unknown' and the manifest version (1.2.3) vs README (0.4.0) conflicts, reducing trust in provenance.
!
Instruction Scope
Runtime instructions tell the agent to read content from the user's message or files and either convert locally or call cloud APIs. The SKILL.md explicitly instructs checking for Pandoc and reading/using user-supplied files (expected), but also describes a cloud API option and instructs setting an ANTHROPIC_API_KEY. The skill does not declare that environment variable in its metadata. The cloud path implies documents could be transmitted off-device (possible data exfiltration) to ai-pdf-builder.com or third-party AI services — the instructions do not limit or clearly document this behavior.
!
Install Mechanism
There is no declared install spec, but the instructions encourage usage via 'npx ai-pdf-builder', which will download and run remote npm package code at time of use. That effectively functions as an install/execute step and can run arbitrary code. Because no package checksum, publisher verification, or pinned source is provided and the skill registry shows 'Source: unknown', this is higher risk than a purely local-instruction skill.
!
Credentials
The SKILL.md asks users to export ANTHROPIC_API_KEY for AI features and mentions other models (Claude, GPT, Cursor, Copilot) but the skill metadata declares no required environment variables or primary credential. Requesting an API key in instructions without declaring it is inconsistent. Also the 'Get API key at ai-pdf-builder.com' guidance points to an external site (not clearly verified) which could be used to collect keys — this is disproportionate and should be explicitly declared and justified.
Persistence & Privilege
The skill does not request persistent presence (always:false) and is user-invocable. There is no install spec that writes files or modifies other skills/configs in the provided metadata. That limits privilege scope compared to an always-enabled skill.
What to consider before installing
This skill could do what it says, but there are notable red flags you should address before using it: - Provenance: the skill lists no trusted source and the README/metadata versions differ. Verify the package repository and author (inspect the npm package and the GitHub repo) before running npx. - Remote code execution: 'npx ai-pdf-builder' will download and execute code from npm. Only run that if you trust the package owner and have reviewed the package contents (or run it in a sandbox). - Undeclared credentials: SKILL.md asks you to set ANTHROPIC_API_KEY and references other AI providers but the skill metadata doesn't declare these. Treat API keys as sensitive — don't paste them into untrusted sites. Prefer local generation (Pandoc + LaTeX) if you need to handle confidential documents. - Cloud API / data exfiltration: the instructions reference ai-pdf-builder.com as a place to get an API key and offer a cloud API path. Confirm the API's privacy policy and where your documents will be processed before uploading sensitive legal material. - Minimum actions: if you want to try it, 1) inspect the npm package source (or install in an isolated container), 2) prefer local Pandoc flow for private docs, and 3) avoid providing keys or confidential files to the cloud endpoint until you confirm legitimacy. If you can provide the npm package name, GitHub repository link, or the ai-pdf-builder.com domain details, I can re-evaluate with higher confidence.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.2.3
Download zip
latestvk97bm5ewvxtn5jey7gfazxyzkx80zfc9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AI PDF Builder

YC-style docs in seconds. AI-powered PDF generator for legal documents, pitch decks, and professional reports.

Generate SAFEs, NDAs, term sheets, whitepapers, and memos from simple prompts. Works with Claude, GPT, Cursor, and AI coding agents. Perfect for:

  • Whitepapers & Litepapers
  • Term Sheets
  • SAFEs & NDAs
  • Memos & Reports
  • Legal Agreements

What's New in v1.1.0

  • AI Content Generation - Generate documents from prompts using Claude
  • --company Flag - Inject company name directly via CLI
  • enhance Command - Improve existing content with AI
  • summarize Command - Generate executive summaries from documents
  • Content Sanitization - Automatic cleanup of AI-generated content

Requirements

Option A: Local Generation (Free, Unlimited)

# macOS
brew install pandoc
brew install --cask basictex
sudo tlmgr install collection-fontsrecommended fancyhdr titlesec enumitem xcolor booktabs longtable geometry hyperref graphicx setspace array multirow

# Linux
sudo apt-get install pandoc texlive-full

Option B: Cloud API (Coming Soon) No install required. Get API key at ai-pdf-builder.com

For AI Features: Set your Anthropic API key:

export ANTHROPIC_API_KEY="your-key-here"

Usage

Check System

npx ai-pdf-builder check

Generate via CLI

# From markdown file
npx ai-pdf-builder generate whitepaper ./content.md -o output.pdf

# With company name
npx ai-pdf-builder generate whitepaper ./content.md -o output.pdf --company "Acme Corp"

# Document types: whitepaper, memo, agreement, termsheet, safe, nda, report, proposal

AI Content Generation (New!)

# Generate a whitepaper from a prompt
npx ai-pdf-builder ai whitepaper "Write a whitepaper about decentralized identity" -o identity.pdf

# Generate with company branding
npx ai-pdf-builder ai whitepaper "AI in healthcare" -o healthcare.pdf --company "HealthTech Inc"

# Generate other document types
npx ai-pdf-builder ai termsheet "Series A for a fintech startup" -o termsheet.pdf
npx ai-pdf-builder ai memo "Q4 strategy update" -o memo.pdf --company "TechCorp"

Enhance Existing Content (New!)

# Improve and expand existing markdown
npx ai-pdf-builder enhance ./draft.md -o enhanced.md

# Enhance and convert to PDF in one step
npx ai-pdf-builder enhance ./draft.md -o enhanced.pdf --pdf

Summarize Documents (New!)

# Generate executive summary
npx ai-pdf-builder summarize ./long-document.md -o summary.md

# Summarize as PDF
npx ai-pdf-builder summarize ./report.pdf -o summary.pdf --pdf

Generate via Code

import { generateWhitepaper, generateTermsheet, generateSAFE, aiGenerate, enhance, summarize } from 'ai-pdf-builder';

// AI-Generated Whitepaper
const aiResult = await aiGenerate('whitepaper', 
  'Write about blockchain scalability solutions',
  { company: 'ScaleChain Labs' }
);

// Whitepaper from content
const result = await generateWhitepaper(
  '# My Whitepaper\n\nContent here...',
  { title: 'Project Name', author: 'Your Name', version: 'v1.0', company: 'Acme Corp' }
);

if (result.success) {
  fs.writeFileSync('whitepaper.pdf', result.buffer);
}

// Enhance existing content
const enhanced = await enhance(existingMarkdown);

// Summarize a document
const summary = await summarize(longDocument);

// Term Sheet with company
const termsheet = await generateTermsheet(
  '# Series Seed Term Sheet\n\n## Investment Amount\n\n$500,000...',
  { title: 'Series Seed', subtitle: 'Your Company Inc.', company: 'Investor LLC' }
);

// SAFE
const safe = await generateSAFE(
  '# Simple Agreement for Future Equity\n\n...',
  { title: 'SAFE Agreement', subtitle: 'Your Company Inc.' }
);

Document Types

TypeFunctionBest For
whitepapergenerateWhitepaper()Technical docs, litepapers
memogenerateMemo()Executive summaries
agreementgenerateAgreement()Legal contracts
termsheetgenerateTermsheet()Investment terms
safegenerateSAFE()SAFE agreements
ndagenerateNDA()Non-disclosure agreements
reportgenerateReport()Business reports
proposalgenerateProposal()Business proposals

Custom Branding

const result = await generateWhitepaper(content, metadata, {
  customColors: {
    primary: '#E85D04',    // Signal Orange
    secondary: '#14B8A6',  // Coordinate Teal
    accent: '#0D0D0D'      // Frontier Dark
  },
  fontSize: 11,
  margin: '1in',
  paperSize: 'letter'
});

Agent Instructions

When a user asks to generate a PDF:

  1. Check what type of document they need (whitepaper, term sheet, memo, etc.)
  2. Determine if they want AI generation or have existing content
  3. Get the content - either from their message, a file, or use AI to generate
  4. Ask for metadata if not provided (title, author, company name)
  5. Use --company flag to inject company branding
  6. Check if Pandoc is installed: which pandoc
  7. If Pandoc missing, provide install instructions or suggest cloud API
  8. Generate the PDF using the appropriate function
  9. Send the PDF file to the user

AI Commands Quick Reference:

  • ai <type> "<prompt>" - Generate new document from prompt
  • enhance <file> - Improve existing content
  • summarize <file> - Create executive summary
  • --company "Name" - Add company branding to any command

Links

Built by @NextXFrontier & @DLhugly

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…