ClawHub
Back to skill
v1.0.1

Pdf Pro

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:22 AM.

Analysis

This PDF utility appears to do the advertised local PDF operations, with only normal cautions around file overwrites and manual package installation.

GuidanceThis looks like a normal local PDF tool. Before installing, use a virtual environment if possible, install dependencies from trusted sources, and double-check file paths so private documents are processed intentionally and outputs do not overwrite important files.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/pdf_tools.py
with open(output_file, 'wb') as f:
                writer.write(f)

The tool writes generated PDFs directly to a user-provided output path. This is expected for PDF editing, but an incorrect path could overwrite or create files in unintended locations.

User impactIf the user or agent supplies the wrong output path, an existing local file could be replaced or new files could be created somewhere unexpected.
RecommendationConfirm input and output paths before running operations, and avoid pointing outputs at important existing files unless overwriting is intended.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
安装依赖: `pip install PyPDF2 pdfplumber Pillow reportlab pypdfium2`

The skill relies on manually installing third-party Python packages without pinned exact versions. This is common and purpose-aligned for a PDF utility, but users should install from trusted package sources.

User impactThe installed dependency versions may vary across environments, and compromised or unexpected packages could affect the local system.
RecommendationInstall dependencies from the official Python package index or a trusted mirror, and consider using a virtual environment with pinned versions.