← Back to Skills Marketplace
371
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pdf-contract-redactor
Description
PDF contract redaction tool. Use when the user needs to redact sensitive information from scanned PDF contracts. The tool performs OCR to extract text, ident...
Usage Guidance
This skill appears to do what it says, but consider these practical cautions before using it:
- Credentials: The script expects your Alibaba AccessKey ID and Secret as command-line arguments; passing secrets on the command line can expose them via process listings and shell history. Prefer modifying the script to read credentials from a protected environment variable, a config file with restricted permissions, or a secrets manager.
- Redaction effectiveness: The tool overlays black rectangles on the original PDF pages. If the original PDF contains underlying selectable/searchable text or metadata, that underlying text may remain accessible even after the visual overlay. Verify redaction by attempting to select/copy text from the redacted PDF and consider flattening the PDF or exporting a rasterized final PDF to ensure irreversible removal.
- Error handling: The SKILL.md mentions exponential backoff for OCR failures but the implementation does not implement retries; expect possible dropped pages/text if the API call fails. Test with non-sensitive documents first.
- Privacy: The images are sent to Alibaba's OCR endpoint; only use with documents you are allowed to upload to that external service. If documents are highly sensitive, consider an offline OCR alternative.
- Validation: Run the tool on sample contracts and confirm that the fields you need are matched and redacted correctly (edge cases with layout/coordinates may cause false negatives/positives).
If you need stronger guarantees (no residual text, no external network calls), either modify the tool to use a local OCR engine and to flatten outputs, or withhold highly sensitive documents from being processed by cloud OCR services.
Capability Analysis
Type: OpenClaw Skill
Name: pdf-contract-redactor
Version: 1.0.0
The skill exhibits risky capabilities by handling sensitive cloud credentials and contract data, including the transmission of document content to an external OCR API (ocr.aliyuncs.com). While its behavior is aligned with the stated purpose, the script `scripts/redact_contract.py` contains a functional flaw in its authentication logic (missing HMAC signature) and creates a potential data leakage risk by exporting extracted sensitive values into an unencrypted local JSON file (`_fields.json`), which could lead to accidental exposure of the very data intended for redaction.
Capability Assessment
Purpose & Capability
The name/description match the included script and SKILL.md: the code converts PDF pages to images, calls Alibaba Cloud OCR, matches field names to nearby values, and draws black rectangles over value areas. Requiring Alibaba OCR credentials (provided at runtime) is coherent with the stated purpose.
Instruction Scope
SKILL.md instructions stay within the redaction task and the script follows them. Minor mismatches: SKILL.md says it will 'retry with exponential backoff' on API failures but the script's AliyunOCRClient simply catches exceptions and returns an empty list (no backoff). SKILL.md demonstrates passing credentials as CLI args (and the script expects them) — functionally OK but a security practice concern because command-line args are visible in process lists/shell history.
Install Mechanism
No install spec; the skill is instruction+script only. Declared Python dependencies (pymupdf, pillow, requests) are appropriate and proportional to the task and are standard packages from PyPI. Nothing is downloaded from arbitrary URLs or written to unexpected locations.
Credentials
The only sensitive credentials used are Alibaba AccessKey ID and Secret, which the script legitimately needs to call the OCR API. The registry metadata does not declare env vars but the SKILL.md and script expect the credentials as CLI args — this is coherent but risky (exposes secrets in ps/command history). The script does not require or attempt to read unrelated credentials or system config.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills or system configurations, and writes only local output files (<name>_redacted.pdf and <name>_fields.json). It does not request persistent elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pdf-contract-redactor - After installation, invoke the skill by name or use
/pdf-contract-redactor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of PDF Contract Redactor, a tool to redact sensitive values from scanned PDF contracts while preserving field names.
- Uses Alibaba Cloud OCR for accurate text extraction, including support for Chinese.
- Automatically matches field names to their values and redacts only the values using black rectangles.
- Outputs a redacted PDF and a JSON file listing all matched field-value pairs.
- Includes robust error handling and supports batch PDF processing.
Metadata
Frequently Asked Questions
What is Pdf Contract Redactor?
PDF contract redaction tool. Use when the user needs to redact sensitive information from scanned PDF contracts. The tool performs OCR to extract text, ident... It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.
How do I install Pdf Contract Redactor?
Run "/install pdf-contract-redactor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pdf Contract Redactor free?
Yes, Pdf Contract Redactor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pdf Contract Redactor support?
Pdf Contract Redactor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pdf Contract Redactor?
It is built and maintained by chan (@chayjan); the current version is v1.0.0.
More Skills