Make PDF safe

Flatten a PDF into a non-interactive “safe” version by uploading it to the Solutions API, polling until completion, then returning a download URL for the flattened PDF.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 996 · 3 current installs · 4 all-time installs

by@CrossServiceSolutions

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The SKILL.md and the included Python script both implement the described workflow (POST file -> poll -> return a download URL). However the registry metadata claims no required environment variables or primary credential while the SKILL.md and script require an API key (SOLUTIONS_API_KEY or --api-key) and optionally allow SOLUTIONS_BASE_URL — this mismatch is a transparency/metadata issue that should be resolved.

✓

Instruction Scope

Instructions are narrowly scoped to uploading the provided PDF, polling the Solutions API job endpoint, and returning the download URL. They do not attempt to read unrelated files, environment variables, or system configuration. Note: the workflow necessarily transmits the entire PDF to an external service, which is expected for this function but is a privacy/security consideration.

✓

Install Mechanism

This is an instruction-only skill plus an included Python script; there is no installer or third-party binary download. The script depends on the 'requests' package (declared in requirements.txt). No high-risk install URLs or archive extraction are present.

Credentials

The skill requires a bearer API key (SOLUTIONS_API_KEY or passed via --api-key) to operate, which is proportionate to contacting a third-party API. However the registry metadata does not declare this required credential or the optional SOLUTIONS_BASE_URL env var. Also, using the skill sends potentially sensitive documents to an external domain (api.xss-cross-service-solutions.com) — the provider and data-retention/privacy policy should be verified before sending sensitive PDFs.

✓

Persistence & Privilege

The skill does not request persistent 'always' inclusion, does not modify other skills or system settings, and has no install-time hooks. It only runs as invoked (or autonomously per platform default), which is normal.

What to consider before installing

This skill performs exactly what it says (uploads a PDF to a remote service, waits for a flattening job, and returns a download link). Before installing or using it, verify the external provider (there is no homepage listed and the domain includes 'xss' which is unusual), confirm their privacy/retention policy, and only upload documents you are comfortable sending to that third party. Note the registry metadata omits the required API key — the skill will not work without providing a bearer token (via --api-key or SOLUTIONS_API_KEY). If you need to process sensitive PDFs and cannot trust the remote service, prefer a local flattening tool instead. If you proceed, keep the API key secret and do not paste it into chat or logs.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk970y8n0nbztx1ebeqgvwzgs3180v017

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

make-pdf-safe

Purpose

This skill creates a “safe” PDF by converting the document into a single flattened layer without active functionality. The goal is to reduce risk from interactive PDF features.

In practical terms, the output PDF is intended to:

remove or neutralize interactive elements (e.g., scripts/actions),
prevent editing of underlying objects/content structure,
behave like a flattened document layer (similar to a “print” representation).

This skill:

accepts a PDF file from the user,
uploads it to the Solutions API,
polls the job status until it is finished,
returns the download URL for the “safe” flattened PDF.

Credentials

The API requires an API key used as a Bearer token:

Authorization: Bearer <API_KEY>

How the user gets an API key:

https://login.cross-service-solutions.com/register
Or the user can provide an API key directly.

Rule: never echo or log the API key.

API endpoints

Base URL:

https://api.xss-cross-service-solutions.com/solutions/solutions

Create make-safe job:

POST /api/41
multipart/form-data parameters:
- file — required — PDF file

Get result by ID:

GET /api/<ID>

When done, the response contains:

output.files[] with { name, path } where path is a downloadable URL.

Inputs

Required

PDF file (binary)
API key (string)

Optional

None

Output

Return a structured result:

job_id (number)
status (string)
download_url (string, when done)
file_name (string, when available)

Example output:

{
  "job_id": 4101,
  "status": "done",
  "download_url": "https://.../safe.pdf",
  "file_name": "safe.pdf"
}

Files

5 total

Select a file

Select a file to preview.

Comments

Loading comments…