Skill v1.0.0

ClawScan security

Pymupdf Pdf Parser Clawdbot Skill Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:43 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it performs local PDF parsing with PyMuPDF, requests no credentials or unusual installs, and its instructions and code align with the stated purpose.
Guidance
This skill appears to do exactly what it says, but check these practical points before use:

- Inspect the scripts locally (you already have the source); the code does not perform network I/O or spawn shells.
- Install PyMuPDF from the official source (pip install pymupdf) and be mindful of Nix libstdc++ notes if on NixOS.
- Outputs are written as cleartext under the outroot directory and will overwrite existing files with the same path; ensure you choose an appropriate outroot and back up any important outputs.
- The script uses pdf_path.stem for output folder names, so different PDFs with identical basenames (from different directories) will produce the same per-document name under a shared outroot, which can cause confusion or collisions.
- The SKILL.md guardrails forbid sending parsed content to external endpoints and require confirmation for bulk processing; those are documentation-level protections. If you or another automated agent instructs the skill to exfiltrate data, that would be a user action outside the code itself.

Run the skill in a trusted environment when parsing sensitive documents.

Review Dimensions

Purpose & Capability
ok
Name/description promise (fast local PDF parsing to MD/JSON with optional images/tables) matches the included script and SKILL.md. There are no unrelated environment variables, binaries, or cloud credentials requested. The only external dependency is PyMuPDF (fitz), which is appropriate.
Instruction Scope
ok
SKILL.md restricts behavior to local parsing, includes guardrails (no exfiltration, no modifying source files, confirm before bulk processing), and the runtime example is limited to invoking the provided script. The script itself reads only the provided PDF and writes outputs to a per-document outdir; it does not call network endpoints or spawn shells/subprocesses.
Install Mechanism
ok
No automated install spec is provided (instruction-only). The README/SKILL.md recommend installing PyMuPDF via pip, a standard and expected dependency path. There are no downloads from untrusted URLs or archive extraction steps in the skill bundle.
Credentials
ok
The skill requests no environment variables, credentials, or config paths. This is proportionate to its simple local parsing functionality.
Persistence & Privilege
ok
The skill is not always-enabled and does not modify other skills or system configuration. It writes output files under a user-specified outroot (normal behavior). Autonomous invocation is allowed by default, but that is the platform norm and is not combined with other red flags here.