Skill v2.0.2
ClawScan security
Book Walker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 12:01 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This PDF reader skill appears to do what it says (interactive, block/line navigation, search, bookmarks) and does not request unrelated credentials or network endpoints, but there are minor implementation inconsistencies you should be aware of before installing.
- Guidance: What to consider before installing:
  - The skill will create a Python virtual environment and pip-install packages (pdfplumber and pypdfium2) into the skill directory; review those packages if you want to avoid installing new packages.
  - The SKILL.md/README mention PyMuPDF but the install command installs pypdfium2 and the code only imports pdfplumber — this mismatch is likely harmless but worth noting (OCR mode also requires a system tesseract binary if you use OCR).
  - The skill will scan your workspace for PDFs (it checks OPENCLAW_WORKSPACE or WORKSPACE_ROOT if set, otherwise guesses a workspace path) and will write per-PDF cache/state under ~/.cache/deep-reading (and create a .venv under the skill path). If you prefer different locations, inspect/modify the code before use.
  - The skill intentionally returns a structured payload marker (PDF_READER_TEMPLATE_PAYLOAD) for the agent to call an LLM; the skill itself does not call external LLMs or network endpoints. The agent may invoke an LLM on that payload — ensure you are comfortable with your agent's LLM usage and data flow.
  - No network endpoints, secrets, or unrelated credentials are requested by the skill. If you want extra caution, run the skill in an isolated environment or inspect the full omitted files for anything unexpected before enabling it.
Review Dimensions
- Purpose & Capability: ok
  - Name/description match the code: code parses PDFs, provides navigation, search, bookmarks, persistent per-PDF cache/state, and returns a structured payload for optional LLM processing by the agent.
- Instruction Scope: ok
  - SKILL.md instructions align with code behavior: commands like '开始读', '下一句', '搜索', '书签' map to functions. The skill scans the workspace for PDFs (it reads OPENCLAW_WORKSPACE or WORKSPACE_ROOT if set, otherwise infers a workspace path), and it stores cache/state under a per-skill cache directory.
- Install Mechanism: note
  - Installation is a simple venv creation + pip install (pdfplumber, pypdfium2) invoked via a shell command in SKILL.md. This is moderate risk (running pip installs). Small inconsistency: SKILL.md and README mention PyMuPDF as a dependency but the provided install command installs pypdfium2; the code imports pdfplumber (present) but not pypdfium2/PyMuPDF. The install command hardcodes the workspace path (~/.openclaw/workspace-e/skills/book-walker) which may differ from where the platform places skills.
- Credentials: ok
  - The skill does not request environment variables or credentials. It does optionally read OPENCLAW_WORKSPACE or WORKSPACE_ROOT to locate the workspace; this is reasonable for a workspace-scanning PDF tool.
- Persistence & Privilege: ok
  - always=false and agent-invocable defaults are normal. The skill creates a virtualenv in the skill folder and uses ~/.cache/deep-reading for per-PDF caches and state; this is expected for a local reader, but the locations and write behavior are persistent and will create files under your home directory.
