ClawHub

PDFExtract Pull Text from PDFs

v1.0.0

Extract clean readable text from PDF files into agent-ready markdown. Multi-page, tables, headers. No external services.

0· 305·2 current·2 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code: a local PDF extraction utility. Optional dependency on the npm package 'pdf-parse' and a fallback to the system 'pdftotext' binary are coherent with extracting text from PDFs.
Instruction Scope
SKILL.md simply documents usage and features. The runtime code reads arbitrary file paths (pdfPath) and creates a local output directory ('./pdf-output'). Reading files is necessary for the stated task, but because the code accepts filesystem paths, be cautious about feeding untrusted paths or PDFs (parsers can have vulnerabilities).
Install Mechanism
No install spec is provided (instruction-only), and the shipped code uses only standard Node APIs and optionally an npm package. No remote downloads or obscure install URLs are used.
Credentials
The skill requires no environment variables, no credentials, and no config paths. File system access (read PDF files, create output directory) is proportionate to its function.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It creates a local './pdf-output' directory but does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims: local PDF text extraction. Before installing, consider: (1) optional dependency: install 'pdf-parse' for best results or ensure 'pdftotext' is available on the system; (2) it reads arbitrary file paths and creates a './pdf-output' directory — avoid running it with elevated privileges and do not feed highly sensitive or untrusted PDFs to parsers without sandboxing, since PDF parsers can have vulnerabilities; (3) there are no network calls or secret requests in the code, but if you add or modify the skill, re-check for any external endpoints. If you need stronger isolation, run the skill in a container or restricted environment.

Like a lobster shell, security has layers — review code before you run it.

documentsvk974p9md9z54b3y7c29j2sk0wx82qnkjextractionvk974p9md9z54b3y7c29j2sk0wx82qnkjlatestvk974p9md9z54b3y7c29j2sk0wx82qnkjparsingvk974p9md9z54b3y7c29j2sk0wx82qnkjpdfvk974p9md9z54b3y7c29j2sk0wx82qnkjpdf-extractvk974p9md9z54b3y7c29j2sk0wx82qnkjtextvk974p9md9z54b3y7c29j2sk0wx82qnkj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments