Book Walker

Review

Audited by ClawScan on May 1, 2026.

Overview

Book Walker appears to be a coherent PDF reader, but it installs Python packages and persistently caches local PDF text and reading state.

This skill looks appropriate for interactive PDF reading. Before installing, be comfortable with installing the listed Python packages and with the fact that opened PDFs may be parsed, shown to the agent, processed by templates, and cached locally under your home cache directory.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may download and run third-party Python packages needed for PDF parsing.

Why it was flagged

The skill declares a setup step that downloads unpinned Python dependencies from package repositories. This is normal for PDF parsing functionality, but package versions and provenance are not fixed in the artifacts.

Skill content

python3 -m venv .venv && .venv/bin/pip install pdfplumber pypdfium2

Recommendation

Install only if you trust the package source; consider pinning or reviewing dependency versions in controlled environments.

What this means

Using the PDF listing feature may reveal the names and locations of PDFs in the workspace to the agent session.

Why it was flagged

The code recursively scans the workspace for PDF files when listing PDFs. This is disclosed by the command list and fits the document organization purpose, but it can enumerate local PDF filenames and paths.

Skill content

for p in root.rglob("*.pdf"):

Recommendation

Use the listing feature only in workspaces where exposing PDF filenames to the agent is acceptable.

What this means

Text extracted from PDFs, reading progress, and bookmarks may remain on disk after the reading session.

Why it was flagged

The cache manager stores parsed PDF data under the user's home cache directory; SKILL.md also describes per-PDF cached page JSON, state, and bookmarks. This is useful for progress and performance but persists document-derived text locally.

Skill content

self.cache_dir = Path.home() / ".cache" / "deep-reading"

Recommendation

Avoid opening highly sensitive PDFs unless local caching is acceptable, and clear the cache directory if you do not want parsed text retained.

What this means

If a PDF contains adversarial instructions, those instructions could appear in the same processing context as the user's template.

Why it was flagged

The template workflow asks the agent to send the PDF block text and a template prompt to an LLM for processing. This is disclosed and purpose-aligned, but PDF text is untrusted content and could contain prompt-like instructions.

Skill content

Agent responsibility: after parsing this payload, **the Agent calls the LLM** to process `original` according to `template_prompt`

Recommendation

Treat PDF text as quoted source material only, and do not let document contents override the user's request or safety rules.