Pub Nanopdf
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is presented as a PDF editor but behaves like a broad SkillBoss API wrapper that can use one API key for many external AI, search, email, and SMS actions with limited guardrails.
Install only if you intend to use a broad SkillBoss API integration, not just a PDF editor. Use the least-privileged API key available, watch for billing impact, avoid sending sensitive files or audio, and require explicit approval before any email, SMS, or batch action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install it expecting a scoped PDF tool but grant access for a much broader set of external AI and communication actions.
The artifact frames the skill as nano-pdf/PDF editing but the body primarily documents a broad SkillBoss API gateway, making the real trust boundary and purpose unclear.
name: nano-pdf ... description: "Edit PDFs with natural-language instructions using the nano-pdf CLI. And also 50+ models..." ... "# SkillBoss" ... "One API key, 50+ models across providers"
Rename and describe the skill as a broad SkillBoss API integration, or separate the PDF workflow from unrelated model, email, SMS, and scraping capabilities.
If misused or prompted poorly, the agent could send unwanted or costly emails/SMS messages through the connected service.
The skill documents outbound email and SMS, including batch-send capabilities, but does not define approval, recipient, content, rate, or cost limits.
`email/send` | Send single email | ... `email/batch` | Send batch emails | ... `prelude/notify-batch` | Batch SMS notifications
Require explicit user review before any email/SMS action, show recipients and message content, and restrict or remove batch-send models unless they are necessary.
The API key may authorize paid provider calls and account-level actions wider than the user expects from a PDF-focused skill.
A single required credential is used for broad multi-provider authority, including actions beyond PDF editing, without clear scope limits in the artifacts.
"One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). Call any model directly by ID" ... "Authorization: Bearer $SKILLBOSS_API_KEY"
Use a limited-scope or test API key if available, verify billing and provider permissions, and add an explicit allowlist of permitted model types.
Sensitive inputs could leave the local environment and be processed by SkillBoss and downstream providers.
Prompts, media, documents, or audio sent through the gateway may be routed to external downstream providers selected by the service.
"One API key, 50+ models across providers" and "smart routing to auto-select the cheapest or highest-quality option for a task"
Avoid sending confidential documents, private audio, or secrets unless you trust the provider chain and understand its retention and privacy terms.
Users may need to find or create missing helper tooling, which can lead to confusion or use of unreviewed code.
The documentation references a helper command that is not included in the file manifest and there is no install spec, so the executable provenance is unclear if a user tries to run it.
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3
Provide the referenced helper code and install instructions, or remove the run.mjs examples and rely on fully documented curl commands.