Skill v0.1.0

ClawScan security

pdf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 15, 2026, 6:10 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and instructions largely match a PDF processing toolkit, but there are notable implementation/dependency inconsistencies (missing declared runtime dependencies and a library monkeypatch) that you should understand before running it locally.
Guidance
This package appears to be a legitimate local PDF toolkit, but take these precautions before running it:

- Install and review dependencies: the registry declares none, yet the code needs Python libraries (pypdf, pdfplumber, pdf2image, pytesseract, reportlab, pypdfium2, pandas, etc.) and command-line tools (poppler utils, qpdf, optionally pdftk and tesseract). Use a fresh virtualenv and your system package manager to install them.
- Inspect the code yourself: the scripts read and write local files and modify PDF objects. Pay attention to fill_fillable_fields.py, which monkeypatches pypdf internals as a workaround; this changes library behavior at runtime and could cause unexpected side effects depending on your pypdf version.
- Run in an isolated environment (sandbox or dedicated VM) and test with non-sensitive documents first. Verify the outputs and the validation images before using it on production or confidential PDFs.
- Validate third-party tool versions: features like OCR, image conversion, and annotations depend on specific versions of poppler/pytesseract/pypdf; mismatches can corrupt forms or annotations.

If you want to proceed, ask the skill author to add an explicit install spec or a requirements list and to document the system-level packages needed; that will make the package safer and easier to audit.

Review Dimensions

Purpose & Capability
note: The name/description (PDF creation, extraction, merging, form filling) aligns with the included scripts and documentation. However, the registry declares no required binaries or credentials despite SKILL.md and the scripts relying on many external Python packages (pypdf, pdf2image, pdfplumber, pytesseract, reportlab, pypdfium2, pandas, etc.) and command-line tools (poppler utils: pdftotext/pdfimages/pdftoppm, qpdf, pdftk). The lack of declared runtime dependencies is an incoherence that affects usability and safety review.
Instruction Scope
ok: SKILL.md and forms.md give detailed, narrow instructions for local PDF processing: reading/writing PDFs, converting pages to images, building validation images, checking bounding boxes, and filling forms either via form fields or by adding text annotations. The instructions operate on local files and do not direct data to external endpoints. They do require the user/agent to run multiple scripts and to visually validate outputs, which is explicit rather than open-ended.
Install Mechanism
concern: There is no install spec. While that lowers automatic install risk, the included code depends on many third-party Python packages and system utilities that must be present. The skill does not declare or automate these installs, which increases the chance a user will run scripts in an improperly provisioned environment or miss needed system tools (e.g., poppler, tesseract).
Credentials
ok: The skill requests no environment variables, credentials, or config paths. All operations act on local files supplied by the user. There are no requests for unrelated secrets or external service tokens.
Persistence & Privilege
ok: The skill's always field is false, and the skill does not request persistent presence or modify other skills. It only provides runnable scripts and guidance; nothing indicates elevated platform privileges or automatic self-enablement.