Stirling PDF
Self-hosted REST API for comprehensive PDF manipulation including merge, split, convert, OCR, compress, sign, redact, and secure PDFs.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 2 · 626 · 1 current installs · 1 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (self-hosted PDF REST API wrapper) aligns with the included files and runtime instructions. Declared required binaries (node, curl) are necessary for the provided CLI wrapper and curl-based requests. No unrelated credentials, binaries, or install behavior are requested.
Instruction Scope
SKILL.md instructs the agent to run the included Node wrapper which performs multipart POSTs of user-specified files to the configured STIRLING_PDF_URL endpoints. The script only reads files explicitly passed as arguments and environment variables STIRLING_PDF_URL / STIRLING_API_KEY. This is within scope for PDF operations, but it does mean any file you pass will be uploaded to whatever URL is configured (default localhost). If the URL is changed to a remote host, that can result in exfiltration of sensitive files — the behavior is expected but must be considered.
Install Mechanism
There is no install spec (instruction-only with one local script), so nothing is downloaded or written by an installer. Risk from installation is low because no arbitrary remote install URLs or package pulls are present.
Credentials
No required environment variables or secrets are forced by the registry metadata. The script uses two optional env vars (STIRLING_PDF_URL, STIRLING_API_KEY) which are appropriate for a REST API client. The number and type of env vars are proportional to the skill's purpose.
Persistence & Privilege
always is false and the skill does not request system-wide config changes or persist credentials. The skill can be invoked autonomously by the agent (platform default) but that is not itself unusual; consider restricting autonomous use if handling sensitive documents.
Assessment
This skill appears to be what it says: a small Node wrapper that uploads files to a Stirling-PDF REST API. Before installing or enabling it, verify the source (no homepage provided) and consider these practical precautions:
- Ensure STIRLING_PDF_URL points to a trusted instance (localhost or your own server). If you point it to a remote or third-party URL, any file you process will be uploaded there.
- If your PDFs contain sensitive data, avoid setting a remote URL or disable autonomous invocation so the agent cannot call the skill without your explicit command.
- If you will use an API key, store it in a secure secret store and confirm the key's scope on your Stirling-PDF instance.
- Inspect the included script (scripts/pdf.js) yourself — it's short and readable — or run it in an isolated environment before granting broader access.
- Because the skill's provenance is unknown (no homepage/source repo), prefer onboarding it in a sandbox or test account and confirm behavior against a local Stirling-PDF instance. If you need higher assurance, request a version published by a verifiable maintainer or from an official project repository.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.4
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📄 Clawdis
Binsnode, curl
SKILL.md
Stirling-PDF Skill
Self-hosted PDF manipulation platform with 60+ tools via REST API.
Configuration
Set these environment variables:
STIRLING_PDF_URL— Your Stirling-PDF instance URL (default:http://localhost:8080)STIRLING_API_KEY— API key if authentication is enabled
Docs
- Official docs: https://docs.stirlingpdf.com
- Swagger UI:
<your-instance>/swagger-ui/index.htmlon your deployment
Quick Commands
# Use the wrapper script
node ~/.openclaw/skills/stirling-pdf/scripts/pdf.js <operation> [options]
# Examples:
node pdf.js merge file1.pdf file2.pdf -o merged.pdf
node pdf.js split input.pdf -o ./output-dir
node pdf.js compress input.pdf -o compressed.pdf
node pdf.js ocr input.pdf -o searchable.pdf
node pdf.js convert-to-pdf document.docx -o output.pdf
node pdf.js pdf-to-word input.pdf -o output.docx
node pdf.js add-watermark input.pdf "DRAFT" -o watermarked.pdf
Available Operations
Page Operations
merge- Combine multiple PDFssplit- Split PDF into partsrotate- Rotate pagesextract-pages- Extract specific pagesreorder- Reorganize pages
Conversion
convert-to-pdf- Word, Excel, Images, HTML → PDFpdf-to-word- PDF → Wordpdf-to-image- PDF → Imagespdf-to-text- Extract text
Content
compress- Reduce file sizeocr- Make scanned PDFs searchableadd-watermark- Add text/image watermarkadd-stamp- Add stampredact- Remove sensitive contentsign- Add signature
Security
add-password- Password protectremove-password- Remove passwordsanitize- Remove metadata/scripts
Direct API Usage
For operations not covered by the script, call the API directly:
curl -X POST "$STIRLING_PDF_URL/api/v1/general/merge-pdfs" \
-H "X-API-KEY: $STIRLING_API_KEY" \
-H "Content-Type: multipart/form-data" \
-F "fileInput=@file1.pdf" \
-F "fileInput=@file2.pdf" \
-o merged.pdf
Check Swagger UI at <your-instance>/swagger-ui/index.html for all endpoints.
Common Endpoints
| Operation | Endpoint |
|---|---|
| Merge | /api/v1/general/merge-pdfs |
| Split | /api/v1/general/split-pages |
| Compress | /api/v1/misc/compress-pdf |
| OCR | /api/v1/misc/ocr-pdf |
| PDF to Image | /api/v1/convert/pdf/img |
| Image to PDF | /api/v1/convert/img/pdf |
| Add Watermark | /api/v1/security/add-watermark |
| Add Password | /api/v1/security/add-password |
Notes
- Most endpoints use POST with multipart/form-data
- File input parameter is usually
fileInput - Response is the processed PDF file
- Check Swagger UI for exact parameters per operation
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…