Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Comprehensive PDF manipulation toolkit for extracting text and tables, creating new PDFs, merging/splitting documents, and handling forms. When Claude needs to fill in a PDF form or programmatically process, generate, or analyze PDF documents at scale.
⭐ 44· 29.5k·647 current·665 all-time
by@awspace
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (PDF extraction, merging, creation, forms) align with the SKILL.md examples: pypdf, pdfplumber, reportlab, pdftotext/qpdf/pdftk, pytesseract/pdf2image for OCR. All referenced libraries and commands are appropriate for PDF processing.
Instruction Scope
SKILL.md contains concrete code and CLI examples that operate on local PDF files (read, write, merge, OCR, decrypt with provided password example). This is expected for the stated purpose, but the doc implicitly reads and writes arbitrary file paths (e.g., watermark.pdf, input.pdf). There are no instructions to read unrelated system config or environment variables, but the guide references external helper files (reference.md, forms.md) that are not included.
Install Mechanism
No install spec (instruction-only), which reduces installer risk. The guide implicitly requires Python packages (pypdf, pdfplumber, reportlab, pandas, pytesseract, pdf2image) and system utilities (poppler/pdftotext, qpdf, pdftk, tesseract). Those are standard for PDF work but are not enumerated as required installs—user should ensure those dependencies are installed from trusted sources.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The examples include a qpdf decrypt example with an inline password literal (mypassword) which is illustrative only; nothing in the manifest requests secrets or unrelated credentials.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill is instruction-only and does not request persistent/system-wide privileges or change other skills' configs.
Assessment
This skill appears coherent for PDF processing. Before installing: 1) Note the source is unknown and there's no homepage—prefer skills from known authors if you need higher assurance. 2) The instructions will read and write local files (PDFs, images)—do not let the skill access directories containing sensitive documents unless you trust it. 3) The guide assumes you have system dependencies (poppler, tesseract) and Python packages; install those from official package repositories. 4) Examples show decrypting PDFs with a password—the skill itself doesn't request secrets, but you will need to supply passwords if decrypting protected files; avoid embedding real secrets in example code. 5) If you want stronger assurance, request the author/source code or run the workflow in an isolated environment (container or VM) before giving it access to sensitive PDFs.Like a lobster shell, security has layers — review code before you run it.
latestvk97cz981kj0veqx1m79dd5sy4n809j57
License
MIT-0
Free to use, modify, and redistribute. No attribution required.