ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pdf Studio

v1.0.4

Professional PDF document generator. Use when user needs to create reports, invoices, certificates, portfolios, or any publication-ready PDF. Supports images...

0· 64·0 current·0 all-time
by@tobewin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PDF generator) aligns with required binary (python3) and the SKILL.md which includes Python templates and recommends installing fpdf2 and pillow. The declared capabilities (images, tables, fonts, templates) are consistent with the libraries referenced.
Instruction Scope
SKILL.md contains prompts to collect document parameters from the user and a Python script template that generates PDFs. The instructions ask the agent to install libraries and run a Python heredoc to produce files. There are no instructions to harvest unrelated system files, access credentials, or send data to external endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). The SKILL.md recommends running `pip install fpdf2 pillow` at runtime — a normal choice for Python PDF generation. Installing third-party PyPI packages is expected but carries the usual supply-chain risk (review packages or run in a sandbox if you distrust the source).
Credentials
The skill declares no required environment variables, no credential access, and no config paths. That is proportionate for a document-generation skill which only needs local Python and libraries. The instructions likewise do not reference hidden env vars or credentials.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or global agent configuration. Normal autonomous invocation is allowed (platform default) and does not by itself raise additional concern.
Assessment
This skill appears coherent and implements a PDF generator by running Python code and installing common libraries (fpdf2, pillow). Before using it: - Review the entire SKILL.md and template files (they're included) to confirm there are no unexpected network endpoints or commands you disagree with. The provided files appear local and template-focused. - Understand that following the instructions will install PyPI packages; if you don't trust the source, run the install and generation in an isolated environment (virtualenv, container, or sandbox) to limit risk. - The skill will read any image/files you provide and write PDF output to disk; avoid pointing it at sensitive directories you don't want written to or read. - If you need auditability, manually inspect the generated Python snippet for any commands that execute shell commands or reach out to external URLs (none are obvious in the provided excerpts). Overall, it's consistent with its stated purpose, but exercise the normal caution when running third-party Python code and installing packages from PyPI.

Like a lobster shell, security has layers — review code before you run it.

latestvk971xeewjnjb9swqkpy64geerh83hq0c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📑 Clawdis
Binspython3

Comments