Back to skill
Skillv1.0.1
ClawScan security
PDF Zusammenfügen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 6:21 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is internally consistent: it provides a local Python script to merge PDFs, its instructions match the code, and it does not request credentials or perform network access.
- Guidance
- The skill appears safe and coherent: it runs a local Python script to merge PDFs and does not exfiltrate data or require credentials. Before installing/using: (1) review the small script locally (it is included) to confirm behavior; (2) run it in a virtual environment as documented; (3) keep backups of important files before overwriting outputs; (4) be aware the package/source has no homepage listed — obtain updates from a trusted source if you rely on it long-term. If you need higher assurance, run the script on a non-sensitive test PDF set first.
Review Dimensions
- Purpose & Capability
- okThe name/description (PDF merging and creating application PDFs) matches the provided script and SKILL.md. The included Python script implements merging and the SKILL.md documents how to run it. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md instructs creating a venv, installing pypdf, and running scripts/merge_pdfs.py with local paths. It does not ask the agent to read other system files, environment variables, or send data to external endpoints. It references a privacy-oriented website as a user-facing reference only.
- Install Mechanism
- okThere is no automated install spec. The SKILL.md suggests manually creating a Python virtualenv and pip-installing pypdf, which is appropriate and low-risk for this task.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. The script does not access secrets or external services. Requested permissions are proportional to the stated purpose.
- Persistence & Privilege
- okThe skill does not request permanent presence (always is false) and does not modify other skills or system-wide settings. It operates on local files when invoked.