ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pdf Poppler Utils

v1.0.0

A collection of PDF manipulation tools from the poppler-utils package. Use when working with PDF files - extracting text, images, metadata, splitting, mergin...

1· 454·3 current·3 all-time
byXLion@xlionjuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description, required binaries (pdfinfo, pdftotext, pdfimages, etc.), and the brew install of poppler are consistent and proportionate for a PDF utility collection.
Instruction Scope
SKILL.md contains only usage docs and examples for the included poppler tools. It also warns about Homebrew's curl dependency and recommends unlinking Homebrew curl (explicitly asking for human permission before doing so). The tools themselves accept owner/user password flags (e.g. -opw, -upw) which can bypass PDF restrictions — this is inherent to the tools but worth noting before using on sensitive PDFs.
Install Mechanism
Install uses a single Homebrew formula (poppler). Homebrew is a well-known package manager and this install method is appropriate for the described tooling. There are no downloads from arbitrary URLs.
Credentials
The skill requests no environment variables, credentials, or config paths beyond the presence of the poppler binaries — appropriate for a CLI tool collection.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide configuration. It also does not enable autonomous privileged behavior beyond normal agent invocation settings.
Assessment
This skill is a documentation wrapper around the standard poppler-utils CLI tools and appears coherent. Before installing or using: ensure you want Homebrew-managed poppler on your system; be cautious about the SKILL.md advice to unlink Homebrew curl (that can affect system networking and should only be done with explicit human approval); verify the poppler binaries will be installed from Homebrew and not a third-party tap; and avoid supplying owner passwords (-opw) or running these tools on PDFs you do not trust, since some options can bypass PDF protections or extract embedded attachments.

Like a lobster shell, security has layers — review code before you run it.

latestvk9737tmnbx07na51bxywgzj44n821xs0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binspdfinfo, pdftotext, pdffonts, pdfimages, pdfdetach, pdfseparate, pdfunite, pdfsig, pdftohtml, pdftoppm, pdftocairo, pdftops, pdfattach

Install

Install poppler (brew)brew install poppler

Comments