UA1 Validator Agent
v0.1.0
Validate PDFs against PDF/UA-1 using ua1.dev or api.ua1.dev from AI coding agents (OpenClaw, Claude Code, Codex, OpenCode). Use when an agent needs determini...
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script posts a PDF to https://api.ua1.dev/api/validate (compact or full) and interprets the API verdict. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to health check and posting files for validation. The script transmits the entire PDF to an external host (api.ua1.dev) — this is expected for remote validation but is a privacy/PII consideration. The SKILL.md and registry metadata do not declare required runtime binaries: the script depends on curl and mktemp (and optionally jq).
Install Mechanism
Instruction-only skill with a small shell script; no install spec, no downloads or archive extraction. No high-risk install mechanism present.
Credentials
No credentials or sensitive environment variables are requested. Two optional env vars are documented (UA1_API_BASE, UA1_FORMAT) and are proportionate. There are no undeclared secret-access requirements.
Persistence & Privilege
Skill does not request persistent/always-on presence and does not modify other skills or system-wide settings. It runs only when invoked.
Assessment
This skill is coherent and implements remote PDF/UA-1 validation by uploading files to api.ua1.dev. Before installing or using it, consider:
1) Data sensitivity — the script will POST the entire PDF to an external service; do not use it with private or regulated documents unless you trust api.ua1.dev and its privacy policy.
2) Runtime dependencies — ensure curl (and mktemp) exist on the runner; jq is used to parse the verdict but is optional (the script handles jq failure gracefully).
3) You can override UA1_API_BASE to point to a trusted/self-hosted endpoint if you have one.
4) The script returns exit codes (0=pass, 2=fail, 1=transport/error) — use these in CI gates as documented.
5) Verify the service’s authenticity (TLS certificate, domain ownership) before sending sensitive files.
If you need local-only validation for privacy/compliance, prefer a local validator rather than this remote API.
Like a lobster shell, security has layers — review code before you run it.
latest
UA1 Validator Agent Skill
Use this skill to run deterministic PDF/UA-1 checks from an agent workflow.
Endpoints
- Health: GET https://api.ua1.dev/api/health
- Validate: POST https://api.ua1.dev/api/validate
- Compact mode: POST https://api.ua1.dev/api/validate?format=compact
- Metrics: GET https://api.ua1.dev/api/metrics
Required contract
Send multipart form-data with field name file.
- Accepted: .pdf
- Typical outcomes:
  - 200 validation response
  - 415 unsupported type
  - 413 file too large
  - 429 rate-limited
Minimal workflow for agents
- Run health check once before batch validation.
- Validate each PDF using compact mode for deterministic parsing.
- If verdict is fail, capture findings and group by rule_id.
- Produce remediation plan sorted by rule frequency.
- Re-run validation after fixes and compare counts.
Use script
Run:
bash scripts/validate_pdf.sh /absolute/or/relative/path/to/file.pdf
Optional env:
- UA1_API_BASE (default: https://api.ua1.dev)
- UA1_FORMAT (compact by default; set full for full payload)
CI gate pattern
Treat non-pass verdict as a failed quality gate.
- Exit 0 only when verdict is pass
- Exit 2 when verdict is fail
- Exit 1 for transport/API errors
Use the script’s exit codes directly in pipelines.
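A batch gate built on the documented exit codes, with an allowlist check on UA1_API_BASE before any PDF leaves the runner. This is an added example, not part of the skill: VALIDATOR and ALLOWED_HOSTS are names assumed here, and scripts/validate_pdf.sh is assumed to behave as documented above.

```shell
#!/usr/bin/env bash
# Added example, not part of the skill. VALIDATOR and ALLOWED_HOSTS are
# assumed names introduced here; the exit codes are the ones documented above.

# Succeed only for an https:// base URL whose host is on the allowlist.
endpoint_allowed() {
  local authority host allowed
  case "$1" in
    https://*) authority="${1#https://}" ;;
    *) return 1 ;;                      # plain http or another scheme
  esac
  authority="${authority%%/*}"          # drop any path
  case "$authority" in
    ""|*@*) return 1 ;;                 # empty, or userinfo that could mask the real host
  esac
  host="${authority%%:*}"               # drop any port
  for allowed in $2; do
    if [ "$host" = "$allowed" ]; then return 0; fi
  done
  return 1
}

# Validate every PDF given and fold the per-file exit codes into one result:
# 0 = all pass, 2 = at least one fail, 1 = any transport/API error
# (an error outranks a fail here because the batch result is incomplete).
ua1_gate() {
  local base="${UA1_API_BASE:-https://api.ua1.dev}"
  local validator="${VALIDATOR:-scripts/validate_pdf.sh}"
  local worst=0 rc f
  if ! endpoint_allowed "$base" "${ALLOWED_HOSTS:-api.ua1.dev}"; then
    echo "refusing upload: $base is not an allowlisted https endpoint" >&2
    return 1
  fi
  for f in "$@"; do
    rc=0
    # Pass the checked base explicitly so the script uploads to the URL just vetted.
    UA1_API_BASE="$base" bash "$validator" "$f" || rc=$?
    case "$rc" in
      0) ;;
      2) echo "FAIL  $f" >&2
         if [ "$worst" -ne 1 ]; then worst=2; fi ;;
      *) echo "ERROR $f (exit $rc)" >&2
         worst=1 ;;
    esac
  done
  return "$worst"
}
```

In a pipeline, call `ua1_gate docs/*.pdf` and let its return value decide the job status; a self-hosted endpoint is used by setting both UA1_API_BASE and ALLOWED_HOSTS.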
