Skill v1.0.0

ClawScan security

Nano Pdf Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:43 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it wraps the nano-pdf CLI, requests the nano-pdf binary (installed via a package), asks for no secrets, and its runtime instructions stay on-purpose with explicit guardrails for sensitive and batch edits.
Guidance
This skill appears to do what it says: it runs the nano-pdf CLI to edit PDFs and includes sensible guardrails. Before installing, verify the nano-pdf package source (check its PyPI project page and source repository, review the maintainer and recent releases). Prefer installing the CLI in a controlled environment (container or sandbox) first, and test edits on non-sensitive copies. Pay attention to the guardrails: confirm file lists before any batch operation and confirm specific values when editing legal/financial/medical documents. If you don't trust the package provider, you can avoid the automatic 'uv' install and install the nano-pdf binary manually from a vetted source.

Review Dimensions

Purpose & Capability
ok: The skill name/description match its requirements: it requires the nano-pdf binary and its example usage invokes nano-pdf. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
ok: SKILL.md is instruction-only and tells the agent to run nano-pdf edit commands and to sanity-check outputs. It includes explicit guardrails (confirm file lists before batch edits; confirm values for sensitive documents). The instructions do not reference unrelated system files, credentials, or external endpoints.
Install Mechanism
note: The install spec will install a third-party package ('nano-pdf') and create a binary. The install kind is 'uv' (not a standard brew/apt/pip spec visible here), so the exact source/resolution mechanism depends on the platform's 'uv' provider. Installing a package that writes a binary to disk is normal for a CLI wrapper but carries the usual risk of third-party package installs — verify the package origin (PyPI page/source repo) before installing.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets; requested privileges are proportional to its stated purpose.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable. It does not demand persistent or elevated agent-wide privileges and does not attempt to modify other skills or system-wide agent settings.