v1.0.0

MiniMax PDF

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:20 AM.

Analysis

The PDF features are mostly coherent, but the skill can install unpinned software into the local Python/npm environment and renders generated HTML in ways that deserve review before use.

Guidance: Review the scripts before installing or running them. If you use this skill, install its dependencies yourself in a virtual environment with pinned versions, avoid automatic global/system package changes, and render only trusted document metadata and trusted cover-image URLs or file paths.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
scripts/fill_write.py
subprocess.check_call([sys.executable, "-m", "pip", "install", "--break-system-packages", "-q", "pypdf"])

ensure_deps()

Running the fill script can automatically install an unpinned PyPI package into the local Python environment before normal operation, without a separate explicit install step. The --break-system-packages flag additionally overrides pip's externally-managed-environment guard (PEP 668), so the install proceeds even when the interpreter is the system Python.

User impact: A normal PDF-fill operation may download and install software and may alter the user's Python environment, creating supply-chain and environment-integrity risk.
Recommendation: Declare dependencies in the install spec, pin package versions, avoid --break-system-packages, and require explicit user approval before installing anything.
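The recommendation above, written out as an added example (this is not fill_write.py from the MiniMax PDF skill): a dependency bootstrap that pins the spec, refuses to install without an explicit opt-in, and refuses to write into the system interpreter. The version pin (pypdf==4.2.0) and the opt-in variable name SKILL_ALLOW_PIP_INSTALL are illustrative assumptions; the installer and environment probes are injectable so the policy can be exercised without touching pip.

```python
"""Dependency bootstrap that fails closed instead of installing silently.

Added example (not fill_write.py from the MiniMax PDF skill). The finding above
quotes an ensure_deps() that unconditionally runs
`pip install --break-system-packages -q pypdf`. This version pins the spec,
never installs without an explicit opt-in, and never writes into the system
interpreter. The version number and the opt-in variable name are illustrative.
"""
import importlib.util
import os
import subprocess
import sys
from typing import Callable, List, Optional, Sequence

# Pinned specs, kept in step with the skill's install spec so reviewers audit one list.
# 4.2.0 is an illustrative pin, not a recommendation for a particular release.
REQUIREMENTS = {"pypdf": "pypdf==4.2.0"}

# Name of the opt-in switch is an assumption for this example.
OPT_IN_ENV = "SKILL_ALLOW_PIP_INSTALL"


def in_virtualenv() -> bool:
    """True when sys.executable is a venv/virtualenv interpreter, not the system one."""
    return sys.prefix != getattr(sys, "base_prefix", sys.prefix)


def module_available(name: str) -> bool:
    return importlib.util.find_spec(name) is not None


def pip_install(specs: Sequence[str]) -> None:
    """Real installer: pinned specs, current interpreter, pip's own venv guard,
    and no --break-system-packages."""
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "--require-virtualenv", "-q", *specs]
    )


def ensure_deps(
    modules: Sequence[str],
    *,
    allow_install: bool = False,
    in_venv: Optional[bool] = None,
    installer: Callable[[Sequence[str]], None] = pip_install,
    available: Callable[[str], bool] = module_available,
) -> List[str]:
    """Return the specs that were installed ([] when everything was already present).

    Policy: missing + no opt-in -> RuntimeError carrying the exact command to run;
    opt-in outside a virtualenv -> RuntimeError; opt-in inside a venv -> install
    the pinned specs only. `in_venv`, `installer` and `available` are injectable
    so the policy can be tested offline.
    """
    missing = [m for m in modules if not available(m)]
    if not missing:
        return []
    undeclared = [m for m in missing if m not in REQUIREMENTS]
    if undeclared:
        raise RuntimeError(f"dependencies not declared in REQUIREMENTS: {undeclared}")
    specs = [REQUIREMENTS[m] for m in missing]
    if not allow_install:
        raise RuntimeError(
            "Missing dependencies: " + " ".join(specs)
            + ". Run `pip install " + " ".join(specs) + "` in your virtual environment, "
            + f"or set {OPT_IN_ENV}=1 to let this script do it."
        )
    if in_venv is None:
        in_venv = in_virtualenv()
    if not in_venv:
        raise RuntimeError("Refusing to modify the system Python; activate a virtual environment first.")
    installer(specs)
    return specs


if __name__ == "__main__":
    # Opt-in is explicit: a default run only reports what is missing and exits non-zero.
    try:
        ensure_deps(["pypdf"], allow_install=os.environ.get(OPT_IN_ENV) == "1")
    except RuntimeError as exc:
        sys.exit(str(exc))
```

Two details worth keeping even if the rest is adapted: `--require-virtualenv` makes pip itself abort outside a venv, and the absence of `--break-system-packages` means a system interpreter marked externally managed (PEP 668) stays untouched. A script that carries `--break-system-packages` is explicitly opting out of that protection, which is why the flag is a useful static-scan signal.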
Unexpected Code Execution
Severity: Medium | Confidence: Medium | Status: Concern
scripts/cover.py
<div class="title">{t['title']}</div> ... '<div class="subtitle">' + t['subtitle'] + '</div>'

Cover text fields from tokens are interpolated directly into generated HTML without visible escaping; in the documented pipeline this HTML is rendered to PDF, so unsafe token text could become active markup/script.

User impact: If untrusted document metadata or user-provided text reaches these fields, it could cause unexpected browser-rendered HTML behavior during PDF creation.
Recommendation: HTML-escape all user/document text before inserting it into cover HTML, sanitize any intentionally supported markup, and consider disabling JavaScript or restricting network access during rendering.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
design/design.md
cover_image ... containing an absolute URL or `file://` path to an image. The image renders via `<img src="...">` — Playwright fetches it at render time.

The skill deliberately allows cover rendering to fetch a user-provided URL or local file path, which is purpose-aligned but expands what the rendering tool can access.

User impact: Using remote cover images can contact external servers, and using file paths can read local image files into the output PDF.
Recommendation: Use only trusted image URLs or local image paths, and prefer local vetted assets for sensitive documents.
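The two cover.py findings above (raw interpolation of title/subtitle tokens, and a cover_image that may be any absolute URL or file:// path the renderer fetches) share one fix point: the function that builds the cover HTML. The following is an added example, not the skill's cover.py: it escapes every text field with html.escape(), keeps the page's own interpolation pattern only as an unsafe_cover_html() foil, and accepts a cover_image only if it is an https URL on an allowlisted host or a path that still resolves inside a vetted assets directory. ALLOWED_IMAGE_HOSTS, the assets directory, and the class names are assumptions for this example; POSIX paths are assumed.

```python
"""Cover-page HTML builder that escapes text and gates the cover image.

Added example (not cover.py from the MiniMax PDF skill). It hardens the two
patterns quoted in the findings: title/subtitle tokens interpolated raw into
HTML, and a cover_image that may be any absolute URL or file:// path the
renderer will fetch. ALLOWED_IMAGE_HOSTS and the assets directory are
assumptions here; POSIX paths are assumed.
"""
import html
from pathlib import Path
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

ALLOWED_IMAGE_HOSTS = {"assets.example.com"}  # illustrative allowlist
ALLOWED_SCHEMES = {"https"}                   # no http, file, data, javascript


class CoverPolicyError(ValueError):
    """cover_image value is outside what the renderer may fetch."""


def unsafe_cover_html(t: Dict[str, str]) -> str:
    """The pattern quoted in the finding: raw interpolation. Kept only for contrast."""
    return f'<div class="title">{t["title"]}</div>' + '<div class="subtitle">' + t["subtitle"] + "</div>"


def resolve_cover_image(value: str, assets_dir: Path,
                        allowed_hosts: Iterable[str] = ALLOWED_IMAGE_HOSTS) -> str:
    """Return a src value the renderer may load, or raise CoverPolicyError.

    Remote: scheme must be https and the host must be allowlisted.
    Local: the value is a path relative to assets_dir and must still resolve
    strictly inside it after symlinks and '..' are collapsed.
    """
    parts = urlsplit(value)
    if parts.scheme:
        if parts.scheme not in ALLOWED_SCHEMES:
            raise CoverPolicyError(f"scheme not allowed: {parts.scheme!r}")
        if parts.hostname not in set(allowed_hosts):
            raise CoverPolicyError(f"host not allowlisted: {parts.hostname!r}")
        return value
    root = assets_dir.resolve()
    candidate = (root / value).resolve()   # an absolute value replaces root, so it is caught below
    if root not in candidate.parents:
        raise CoverPolicyError(f"path escapes assets directory: {value!r}")
    return candidate.as_uri()


def build_cover_html(tokens: Dict[str, str], assets_dir: Path,
                     cover_image: Optional[str] = None) -> str:
    """Build the cover document with every token escaped and the image policy-checked."""
    esc = {k: html.escape(str(v), quote=True) for k, v in tokens.items()}
    img = ""
    if cover_image:
        src = html.escape(resolve_cover_image(cover_image, assets_dir), quote=True)
        img = f'<img class="cover" src="{src}" alt="">'
    # Meta CSP is a second layer: even if escaping were bypassed, scripts cannot run
    # and the only fetchable resources are images over https or file.
    csp = "default-src 'none'; img-src https: file:; style-src 'unsafe-inline'"
    return (
        '<!doctype html><html><head><meta charset="utf-8">'
        f'<meta http-equiv="Content-Security-Policy" content="{csp}"></head><body>'
        f'{img}<div class="title">{esc.get("title", "")}</div>'
        f'<div class="subtitle">{esc.get("subtitle", "")}</div></body></html>'
    )
```

When this HTML is handed to Playwright, the remaining recommendation from the finding (disable JavaScript during rendering) is a context option, `browser.new_context(java_script_enabled=False)`, and egress can be narrowed further by routing every request except the allowlisted image host to abort. Neither replaces the escaping: a renderer without JavaScript still honours injected markup, which is why the text fields are escaped unconditionally.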