Back to skill
Skillv1.0.0
ClawScan security
Pdf Poppler Utils · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 3:59 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a coherent, instruction-only skill that documents and wraps the poppler-utils command-line tools and its Homebrew install; its requirements and instructions match its stated purpose.
- Guidance
- This skill is a documentation wrapper around the standard poppler-utils CLI tools and appears coherent. Before installing or using: ensure you want Homebrew-managed poppler on your system; be cautious about the SKILL.md advice to unlink Homebrew curl (that can affect system networking and should only be done with explicit human approval); verify the poppler binaries will be installed from Homebrew and not a third-party tap; and avoid supplying owner passwords (-opw) or running these tools on PDFs you do not trust, since some options can bypass PDF protections or extract embedded attachments.
Review Dimensions
- Purpose & Capability
- okThe skill name/description, required binaries (pdfinfo, pdftotext, pdfimages, etc.), and the brew install of poppler are consistent and proportionate for a PDF utility collection.
- Instruction Scope
- noteSKILL.md contains only usage docs and examples for the included poppler tools. It also warns about Homebrew's curl dependency and recommends unlinking Homebrew curl (explicitly asking for human permission before doing so). The tools themselves accept owner/user password flags (e.g. -opw, -upw) which can bypass PDF restrictions — this is inherent to the tools but worth noting before using on sensitive PDFs.
- Install Mechanism
- okInstall uses a single Homebrew formula (poppler). Homebrew is a well-known package manager and this install method is appropriate for the described tooling. There are no downloads from arbitrary URLs.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths beyond the presence of the poppler binaries — appropriate for a CLI tool collection.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide configuration. It also does not enable autonomous privileged behavior beyond normal agent invocation settings.