v1.0.0

Paper Highlight

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:11 AM.

Analysis

This skill is a coherent PDF-highlighting workflow that runs a local Python annotator and installs a PDF library, with no artifact-backed evidence of hidden data theft or destructive behavior.

GuidanceBefore installing, be comfortable with a local Python script reading and annotating the PDFs you choose. Install dependencies from a trusted source, consider pinning PyMuPDF, and keep a backup copy of important or confidential papers.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

uv pip install pymupdf

The setup installs a third-party PDF library without pinning a version. This is directly related to the skill's PDF annotation purpose, but users should notice the dependency provenance.

User impactA future or compromised package version could behave differently from the one the author tested.

RecommendationInstall from a trusted package source and consider pinning a known-good PyMuPDF version before using the skill.

Unexpected Code Execution

SeverityInfoConfidenceHighStatusNote

SKILL.md

python3 scripts/highlight_paper.py input.pdf

The main workflow runs bundled Python code against a user-selected PDF. This local execution is central to the skill's purpose and is disclosed.

User impactThe script can read the selected PDF and create or modify annotated output files.

RecommendationRun it only on intended PDFs, keep backups of important originals, and review the output file before relying on it.