← Back to Skills Marketplace
Remove password from PDF
by
CrossServiceSolutions
· GitHub ↗
· v1.0.0
1060
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install remove-password-from-pdf
Description
Remove password protection from a PDF by uploading it (with its current password) to the Solutions API, polling until completion, then returning a download URL for the unlocked PDF.
Usage Guidance
This skill will upload your protected PDF and its current password to a third-party API and return a URL for the unlocked file. Before installing or using it, consider: 1) The registry metadata does not declare the API key requirement even though the SKILL.md and script do — that should be fixed or explained. 2) There is no homepage or verifiable vendor information (owner is unknown); confirm the legitimacy of https://login.cross-service-solutions.com and the API domain (api.xss-cross-service-solutions.com) before sending sensitive documents or passwords. 3) If the PDF contains sensitive data, avoid using an untrusted third-party service — prefer local tools that remove PDF passwords offline. 4) If you must use this skill, test it with non-sensitive files first, and only provide an API key scoped and revocable for this service. 5) Additional information that would reduce concern: a verifiable project homepage or vendor identity, registry metadata updated to declare SOLUTIONS_API_KEY as the primary credential, and independent confirmation that the service handles uploaded files/passwords according to acceptable privacy/security policies.
Capability Analysis
Type: OpenClaw Skill
Name: remove-password-from-pdf
Version: 1.0.0
The skill's purpose is clearly defined as removing password protection from a PDF using a specific external API. The `SKILL.md` and `scripts/remove-password-from-pdf.py` consistently describe and implement this functionality. The code handles API keys and passwords securely by not logging them and sending them via appropriate HTTP methods. File access is limited to reading the specified PDF, and network communication is restricted to the declared API endpoint `api.xss-cross-service-solutions.com`. There is no evidence of data exfiltration, malicious execution, persistence, prompt injection attempts against the agent, or obfuscation.
Capability Assessment
Purpose & Capability
The skill's name/description match the code and SKILL.md: it uploads a password-protected PDF and the current password to a remote Solutions API and polls for a result. However the registry metadata lists no required environment variables or primary credential, while both SKILL.md and the script require an API key (SOLUTIONS_API_KEY or passed via --api-key). That metadata omission is an incoherence that affects trust and automated vetting.
Instruction Scope
The SKILL.md and the included script limit their actions to: read the supplied PDF file, accept the current password, upload both to the external API, poll job status, and return the download URL. That scope is consistent with the stated purpose. The important concern is that the instructions explicitly send both the sensitive PDF and its password to an external service (api.xss-cross-service-solutions.com) — expected for this functionality but a significant privacy/security risk if the service/operator are untrusted or malicious.
Install Mechanism
There is no install spec (instruction-only), lowering install risk. A small Python script and requirements.txt (requests) are included; running it requires installing requests. No download-from-unknown-URL or installer actions are present in the manifest.
Credentials
The skill requires an API key (used as a Bearer token) according to SKILL.md and the script (env var SOLUTIONS_API_KEY or --api-key), but the registry metadata lists no required env vars and no primary credential. This mismatch is concerning because it hides that a credential is necessary. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or system-wide settings, and does not request persistent privileges. Model invocation remains allowed (platform default).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install remove-password-from-pdf - After installation, invoke the skill by name or use
/remove-password-from-pdf - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — remove passwords from PDF files via Solutions API.
- Accepts a password-protected PDF, current password, and API key.
- Uploads the file to the Solutions API and polls for job completion.
- Returns a download URL for the unlocked PDF along with job status and file name.
Metadata
Frequently Asked Questions
What is Remove password from PDF?
Remove password protection from a PDF by uploading it (with its current password) to the Solutions API, polling until completion, then returning a download URL for the unlocked PDF. It is an AI Agent Skill for Claude Code / OpenClaw, with 1060 downloads so far.
How do I install Remove password from PDF?
Run "/install remove-password-from-pdf" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Remove password from PDF free?
Yes, Remove password from PDF is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Remove password from PDF support?
Remove password from PDF is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Remove password from PDF?
It is built and maintained by CrossServiceSolutions (@crossservicesolutions); the current version is v1.0.0.
More Skills