Skill v1.0.4

ClawScan security

PDF Watermark · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 9:13 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a straightforward PDF text-watermarking tool and its code and instructions are consistent with that purpose; it does not request credentials or perform unexplained actions.
Guidance
This skill appears to be what it says: a local PDF watermarking script. Before installing/using it: (1) ensure Python packages pypdf and reportlab are installed (they are required but not documented); (2) only process PDFs you trust or have permission to modify — SKILL.md suggests using curl to download remote PDFs, so downloading untrusted files can be risky; (3) the script looks for system fonts in common locations to support Chinese text, which is normal; (4) run the script in a safe/test environment first to verify behavior and output naming; (5) no credentials are requested and the skill does not exfiltrate data based on the provided code, but always review and run code locally if you need to be certain.
Findings
[no_findings] expected: Static pre-scan reported no suspicious patterns. The script performs local PDF manipulation and writes an output file — this is expected for a watermarking tool.

Review Dimensions

Purpose & Capability
ok: The name/description match the included script and instructions. The skill asks only for an input PDF (path or URL) and watermark text and does not request unrelated credentials, binaries, or config paths.
Instruction Scope
ok: SKILL.md stays within the stated purpose: it explains required inputs, optional parameters, how to run the included script, and how to download a remote PDF via curl before processing. It does not instruct reading unrelated files or exfiltrating data. One small omission: the README does not list required Python packages (pypdf, reportlab) that the script uses.
Install Mechanism
note: This is instruction-only (no install spec). The included script depends on Python packages (pypdf, reportlab) but the skill does not provide an install step or document those dependencies, which is an operational gap rather than malicious behavior.
Credentials
ok: No environment variables, credentials, or config paths are requested. The script probes standard system font paths locally to find a Chinese font, which is appropriate for the stated feature (Chinese support).
Persistence & Privilege
ok: "always" is false and the skill does not attempt to modify other skills or system-wide agent settings. It runs ad-hoc and writes only the output PDF that the user specifies.