My Pdf Extract Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a straightforward PDF-to-Excel extraction guide, but the referenced extraction script is not included in the reviewed files.

This appears benign for local PDF extraction. However, the script referenced by the documentation was not included in the reviewed package, so verify that any extraction script you run is the intended one and review it before execution.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may not work as packaged, and users should not run any separately obtained or later-added script without reviewing it first.

Why it was flagged

The documentation instructs users to install unpinned Python dependencies and run a helper script, but the reviewed manifest contains only README.md and SKILL.md, so the actual extraction script was not available for review.

Skill content
pip install pdfplumber pandas openpyxl
...
scripts/
└── extract_exact.py  # extraction script
Recommendation

Include the referenced script in the package, declare dependencies in install metadata, and preferably pin package versions or document trusted installation steps.