Extract PDF
v1.0.0Process, convert, edit, and extract data from PDF files using the ComPDF Cloud API. Supports format conversion (Word, Excel, Image), page manipulation (merge...
⭐ 0· 95·0 current·0 all-time
byComPDF@youna12345
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (PDF processing via ComPDF Cloud) matches the instructions: the SKILL.md describes using ComPDF endpoints, selecting executeTypeUrl from the provided tool list, sending multipart POST requests, and handling responses. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Instructions stay within the PDF-processing scope but include local file I/O (reading/writing config/public_key.txt) and uploading user files to third-party servers. The skill explicitly requires explicit user confirmation before any upload, which is appropriate; be aware the agent will write a plaintext API key file only if the user agrees.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to be written or executed by an installer, which minimizes installation risk.
Credentials
No environment variables or extra credentials are requested up front. The only secret is a user-provided ComPDF API key which the skill offers to save to config/public_key.txt. Saving the key in plaintext to a local file is functionally proportionate but has security implications (unencrypted secret storage).
Persistence & Privilege
always:false and no requests to modify other skills or system-wide settings. The only persistent artifact is the optional config/public_key.txt written under the skill's declared path; the SKILL.md states this file is created only with explicit user consent and can be deleted by the user.
Assessment
This skill appears to do what it says: it will upload files to ComPDF's servers to perform conversions and extraction. Before installing or using it, consider: (1) do not upload highly sensitive or confidential files—uploads go to api-server.compdf.com or .cn; the skill requires you to explicitly consent before each upload; (2) if you choose to save your API key, it will be stored as plaintext at config/public_key.txt—delete that file to revoke local storage; (3) review ComPDF's privacy policy and pricing before use; (4) prefer providing the API key for the current session only if you need stronger secrecy; and (5) if you operate in a regulated environment, verify whether sending documents to an external cloud service is permitted. Overall the skill is internally consistent, but treat external uploads and local plaintext storage of keys as the main operational risks.Like a lobster shell, security has layers — review code before you run it.
latestvk97fm1bexwty8xrbcve01m35vs839e5b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.