Smart Image to PDF
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims: run a local Python script to combine user-selected images into a PDF.
This looks safe for combining images into a PDF. Before installing, note that it runs a local Python script and may fetch Pillow and numpy through uv; only provide image paths you intend to process and choose an output path you are comfortable writing to.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may download or use current versions of Pillow and numpy from the package ecosystem, which is normal for this task but adds a small dependency-provenance risk.
The skill asks the agent to run the included script with runtime package dependencies that are not version-pinned or declared in an install spec.
uv run --with Pillow --with numpy python3 <path-to-this-skill>/scripts/combine.py <input> -o <output.pdf>
Use in a normal trusted Python/uv environment; for stricter security, pin dependency versions before running.