v1.0.1

GLM-V-PDF-to-WEB

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:37 AM.

Analysis

This PDF-to-website skill mostly matches its stated purpose, but its crop helper can write output files outside the intended crops folder if given an unsafe name.

Guidance: Review or patch scripts/crop.py before installation so crop names cannot escape the intended output folder. Install the Python dependencies in a controlled environment, and only use the skill with PDFs or URLs whose contents you are comfortable having the agent and cropping subagents read.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/crop.py
```python
stem = name or _safe_stem(img_path)        # a provided --name is used as-is; only the image-derived stem is sanitized
filename = f"{stem}_crop.png"
out_path = os.path.join(out_dir, filename)  # a stem containing '..', a separator or an absolute path escapes out_dir
cropped.save(out_path, format="PNG")
```

The default image-derived stem is sanitized, but a provided --name is used directly. If that name contains path separators, '..', or an absolute path, the crop output can escape the intended out_dir.

User impact: A malformed crop name could write a PNG file outside the expected crops folder, potentially cluttering or overwriting files in locations the agent can write to.
Recommendation: Sanitize --name with the same safe-stem logic, reject path separators and absolute paths, and verify the resolved output path remains inside the intended crops directory before saving.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
Python packages (install once):
```bash
pip install pymupdf pillow
```

System tools: `curl`

The skill requires external packages and a system tool, but the packages are unpinned and the registry requirements list no required binaries or install spec. This is a disclosed, purpose-aligned setup step, but users should install from trusted sources.

User impact: Installing unpinned packages can result in different package versions over time, including versions with bugs or supply-chain risk.
Recommendation: Install dependencies in a controlled Python environment and consider pinning known-good versions of PyMuPDF and Pillow.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
You MUST delegate ALL cropping to a clean subagent using the Agent tool... launch one subagent per source page

The skill intentionally shares source page images with subagents for visual localization. This is disclosed and scoped to cropping, but it expands where the PDF content is processed.

User impact: Sensitive document pages may be exposed to additional agent contexts during cropping.
Recommendation: Use this skill only with PDFs you are comfortable having the agent and its subagents inspect, and keep subagent prompts limited to the target image and crop task.