ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sube Test

v1.0.4

Convert unstructured documents into LLM-ready structured data. Supports PDF, Word, PPT, and images; extracts paragraphs, formulas, tables, charts, and other...

0· 93·0 current·0 all-time
bySube@sube-py·duplicate of @sube-py/pdflux-test

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sube-py/sube-test.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Sube Test" (sube-py/sube-test) from ClawHub.
Skill page: https://clawhub.ai/sube-py/sube-test
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: PD_ROUTER_API_KEY
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sube-test

ClawHub CLI

Package manager switcher

npx clawhub@latest install sube-test
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say: convert documents to Markdown via a remote parsing service. The script and SKILL.md only require node and PD_ROUTER_API_KEY and call https://platform.paodingai.com/openapi/... — these are proportionate and expected for that purpose.
Instruction Scope
SKILL.md and agents/openai.yaml explicitly require running the bundled scripts/upload_to_markdown.js, and the script's logic matches that contract (upload file, poll status, download markdown). Minor inconsistency: the script also reads environment variables PDFLUX_FORCE_UPDATE and PDFLUX_FORCE_OCR (defaulting to true) but these are not documented in SKILL.md; otherwise instructions do not access unrelated files, other env vars, or unexpected network hosts.
Install Mechanism
Instruction-only skill with a bundled Node script; no install spec or remote downloads. This minimizes on-disk installation risk.
Credentials
Only PD_ROUTER_API_KEY is required (primary credential) and is used exclusively to authenticate to the declared PDRouter endpoint. One optional env (PDFLUX_INCLUDE_IMAGES) is documented; the script additionally reads undocumented PDFLUX_FORCE_UPDATE and PDFLUX_FORCE_OCR but they are benign configuration flags rather than extra credentials.
Persistence & Privilege
always is false and the skill does not modify other skills or system settings. The agent may invoke the skill autonomously (default), which is expected for skills and not flagged on its own.
Assessment
This skill uploads the local file you point it at to the PaodingAI/PDRouter service (https://platform.paodingai.com) using the PD_ROUTER_API_KEY you provide — so only install/use it if you trust that service and are comfortable sending the document (and its contents) to that endpoint. The token grants access to the PDRouter API, so keep it secret and consider using a scoped/ephemeral key if possible. Note the script will write Markdown to stdout and optionally to a file; it may include embedded image/base64 data if you enable that. If you handle sensitive documents, test with non-sensitive data first and review the bundled script (scripts/upload_to_markdown.js) yourself; the script also reads undocumented config flags PDFLUX_FORCE_UPDATE and PDFLUX_FORCE_OCR, which are innocuous toggles but worth knowing about.
scripts/upload_to_markdown.js:21
Environment variable access combined with network send.
!
scripts/upload_to_markdown.js:88
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📝 Clawdis
Binsnode
EnvPD_ROUTER_API_KEY
Primary envPD_ROUTER_API_KEY
latestvk97dnj6kwbhd9335ahz5135yxs83xkk5
93downloads
0stars
1versions
Updated 4w ago
v1.0.4
MIT-0
Sube@sube-py
latest
Download

PDFlux-PDF2Markdown

Run a JavaScript workflow that uploads a single local file to the pdflux service through PDRouter, polls the parsing status, and then downloads the resulting Markdown. This is suitable for document parsing, table extraction, content verification, and handing document content off to follow-up scripts.

Installation

npx skills add PaodingAI/skills

Usage

node skills/pdflux-saas-markdown/scripts/upload_to_markdown.js <local-file-path> [output-markdown-path]

Execution Constraints

  • You must invoke scripts/upload_to_markdown.js directly. Do not reimplement the upload, polling, and Markdown download flow yourself.
  • The behavior contract below explains what the script does, what it outputs, and when to use it. It is not a manual checklist for the model to imitate step by step.
  • Even if the task is only to extract tables, read fields, inspect body text, or prepare input for later scripts, you must run this script first and continue from the generated Markdown.
  • Only inspect or modify the script implementation when the script itself is unavailable, failing, or needs a fix. Do not bypass it during normal use.

When to Use

  • Use this skill when the user wants to parse a document, retrieve specific document content, or extract tables from a document.
  • Use this skill when the user says things like "convert to Markdown", "output Markdown", "export Markdown", or "extract Markdown", and return the Markdown content directly.
  • When later work depends on the document content, such as summarization, field extraction, document-processing scripts, table comparison, or rule-based validation, use this skill first to parse the document.
  • When the document content is only needed as input for subsequent steps, do not default to showing the full raw Markdown to the user. Prefer saving it to a temporary or working file first, then read, filter, and extract only what is needed.
  • When the user explicitly asks for the original Markdown output or clearly wants a direct document-to-Markdown conversion, show the full Markdown directly.

Environment Variables

  • PD_ROUTER_API_KEY: Required. The Bearer API key for PDRouter. If it is missing, the script fails immediately. In a skill workflow, the AI should ask the user to provide a valid key, or inject it into the environment before retrying. The API key can be obtained from the PDRouter platform: https://platform.paodingai.com/
  • PDFLUX_INCLUDE_IMAGES: Optional. Boolean. Markdown output does not include image data by default.

Security and Data Flow

  • This skill uploads one user-specified local file to the official PDRouter endpoint at https://platform.paodingai.com.
  • The script reads PD_ROUTER_API_KEY only to authenticate requests to the official PDRouter service.
  • The script does not print the API key to stdout or stderr.
  • Generated Markdown is written to stdout and, if requested, to the user-provided output file path.
  • The script does not support arbitrary network targets or custom upload hosts.

Default Behavior and Optional Settings

  • Parsed results do not include chart or image extraction by default.
  • If charts, images, or similar content are required, enable them explicitly through API parameters. These results are usually returned as base64 and will increase token usage.
  • Markdown output does not include image data by default. If you need embedded image data, set PDFLUX_INCLUDE_IMAGES=true.

Script Behavior

  1. Read the token from PD_ROUTER_API_KEY. If it is missing, fail immediately and prompt the AI to ask the user for a key or inject the environment variable first.
  2. Upload the file to the official PDRouter endpoint with POST /openapi/{serviceCode}/upload using Authorization: Bearer <token>.
  3. Poll GET /openapi/{serviceCode}/document/{uuid} until parsed === 2.
  4. Fail immediately if the parsing status becomes negative.
  5. Download the Markdown from GET /openapi/{serviceCode}/document/{uuid}/markdown.
  6. If output-markdown-path is provided, the script also writes the Markdown to that file while still printing it to stdout.
  7. The script writes progress and errors to stderr and returns a non-zero exit code on failure.
  8. When the goal is to retrieve specific content, fields, or tables, read the parsed result and return only the necessary information instead of echoing the full raw Markdown to the user.
  9. When the user explicitly asks to "convert to Markdown", "output Markdown", or expresses an equivalent intent, return the Markdown content directly rather than only a summary or extracted fields.

Comments

Loading comments...