Skill v1.0.0

ClawScan security

document-management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 16, 2026, 6:20 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches its stated purpose (extract text, classify, and report on PDFs) but contains implementation/instruction inconsistencies and will perform filesystem changes (moving PDFs) that you should be aware of before installing or running.
Guidance
This skill largely does what it says: it extracts text from PDFs, classifies them, and generates a report from a template. However:
- The SKILL.md and the script disagree on the script filename (SKILL.md expects extract_pdf_folder.py; provided file is scripts/analyze_pdf_folder.py whose usage text still references extract_pdf_folder.py). Expect invocation failures until names are reconciled.
- The skill explicitly requires moving your PDF files into topic subfolders; these file moves are destructive if you run it on originals. Back up the folder or test on a copy first.
- The Python script requires the pypdf package (pip install pypdf). There are no network calls or hidden endpoints in the code.

Before installing/running: fix or confirm the script filename/command, make a backup copy of your PDFs, and ensure pypdf is available. If you need the file-moving automated, confirm whether the agent will perform safe moves (only within the provided folder) or whether you prefer to move files manually after classification.

Review Dimensions

Purpose & Capability
note: Name/description align with the included files: a text-extraction script and a report template. However, the SKILL.md repeatedly references a script named extract_pdf_folder.py (and example run commands likewise), while the repository provides scripts/analyze_pdf_folder.py whose usage/help text still mentions extract_pdf_folder.py; this filename mismatch indicates the skill is likely broken or out of sync. The SKILL.md requires automatic moving of files into topic folders, but no code in the repo implements that; the agent (or operator) will be expected to perform the move operations.
Instruction Scope
note: Instructions are limited to local PDF extraction, classification, creating subfolders, moving PDFs into those subfolders, and generating a single report from a template. All referenced filesystem paths are within the user-supplied folder and the provided template. No network endpoints or unrelated system files are referenced. Caveat: the SKILL.md instructs running a script filename that doesn't match the included script, so automated invocation may fail unless corrected. Also, the classification + file-move steps are specified as required but are left for the model/agent to perform (not implemented in the script), meaning the agent will have to perform potentially destructive file operations.
Install Mechanism
ok: No install spec provided (instruction-only + one script). The script depends on the pypdf Python package (the script will exit with a message instructing pip install pypdf if missing). No downloads, remote executables, or unusual install steps are present.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. The only required runtime dependency is pypdf, which is proportionate to extracting PDF text.
Persistence & Privilege
ok: always is false and model invocation is allowed (normal). The skill does not request persistent or elevated platform privileges. It will read and write files inside a user-specified folder (including creating subfolders and moving PDFs), which is expected for its purpose but is a destructive action to note.