← Back to Skills Marketplace

Pdf Toolkit

Name: Pdf Toolkit
Author: newaiguy

by Newaiguy · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

137

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-pdf-tools

Description

PDF工具箱 - 合并、拆分、压缩、转换PDF文件。支持批量处理，无需联网，本地执行。

Usage Guidance

This package mostly does what it says: local PDF operations using Ghostscript, poppler, ImageMagick, etc. Before installing or running it: - Verify missing files: SKILL.md mentions watermark.js, encrypt.js and decrypt.js but those scripts are not present — confirm whether those features are required and why they are missing. - Review the included scripts locally (they are small) before running. They invoke system commands with execSync and interpolate file paths into shell commands; filenames containing special characters could be misinterpreted and allow command injection. Avoid running these scripts on untrusted input or with untrusted filenames. - Be cautious about the recommended change to /etc/ImageMagick-6/policy.xml — that weakens ImageMagick protections for PDF handling and requires root. Understand the security tradeoff and prefer safer alternatives when possible. - Confirm and install the required system binaries (poppler-utils, ghostscript, ImageMagick, pdftk, img2pdf) from trustworthy package sources. - Prefer running the tools in a sandbox or non-privileged account and test on copies of sensitive files first. If you plan to run programmatically, consider wrapping calls to external binaries with safer APIs (execFile with args array) or sanitizing/validating all file paths. If you need certainty about absent features or want the watermark/encrypt capabilities, ask the publisher for a complete release or provide the missing scripts before trusting this skill on sensitive documents.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-pdf-tools Version: 1.0.0 The skill bundle provides PDF processing utilities but contains multiple shell injection vulnerabilities across its scripts (e.g., compress.js, merge.js, split.js, and extract-text.js). It uses child_process.execSync to execute system commands like gs, pdftotext, and pdftk without properly sanitizing file paths or user-provided arguments, which could allow for arbitrary command execution if filenames contain shell metacharacters.

Capability Assessment

⚠ Purpose & Capability

The name/description (local PDF merge/split/compress/convert) matches the included scripts for most features (merge, split, compress, pdf2img, img2pdf, extract-text). However SKILL.md documents additional features (watermark.js, encrypt.js, decrypt.js) that are not present in the file manifest — this mismatch could be an omission or indicate the package is incomplete/misdocumented.

⚠ Instruction Scope

Runtime instructions are local and consistent with the code (they call Ghostscript, pdftoppm, ImageMagick, pdftk, img2pdf). They do instruct editing system config (/etc/ImageMagick-6/policy.xml) which is a privileged change affecting system security policy. The scripts call external system commands via execSync with user-provided paths — this expands scope to interacting with system binaries and filesystem in ways that could be risky if inputs are malicious or unescaped.

ℹ Install Mechanism

This is instruction-only with included Node scripts (no install spec). SKILL.md suggests 'npx clawhub@latest install pdf-toolkit' but the skill bundle itself contains the scripts, so there's no remote download performed by the skill. The only external install action is a user-invoked suggestion (npx) — inspect that package before running it.

✓ Credentials

The skill requests no environment variables or credentials and requires only system PDF/image utilities (poppler-utils, ghostscript, ImageMagick, optionally pdftk/img2pdf). Those dependencies are proportional to a local PDF toolkit. There are no hidden credential or network requirements.

✓ Persistence & Privilege

always is false; the skill is user-invocable and allows model invocation (platform default). The skill does not request persistent system-wide privileges or attempt to modify other skills' configs. Note: editing system ImageMagick policy requires elevated privileges and should be done deliberately.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-pdf-tools
After installation, invoke the skill by name or use /openclaw-pdf-tools
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of pdf-toolkit: - Provides local PDF merge, split, compress, conversion, and text extraction tools - Supports PDF-to-image, image-to-PDF, watermarking, and encryption/decryption - All features work offline for privacy protection - Includes batch processing and CLI/API usage - Requires system dependencies: poppler-utils, ghostscript, imagemagick

Metadata

Slug openclaw-pdf-tools

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Pdf Toolkit?

PDF工具箱 - 合并、拆分、压缩、转换PDF文件。支持批量处理，无需联网，本地执行。 It is an AI Agent Skill for Claude Code / OpenClaw, with 137 downloads so far.

How do I install Pdf Toolkit?

Run "/install openclaw-pdf-tools" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pdf Toolkit free?

Yes, Pdf Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Pdf Toolkit support?

Pdf Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pdf Toolkit?

It is built and maintained by Newaiguy (@newaiguy); the current version is v1.0.0.

More Skills