← 返回 Skills 市场

Add watermark to PDF

Name: Add watermark to PDF
Author: crossservicesolutions

作者 CrossServiceSolutions · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1241

总下载

当前安装

版本数

在 OpenClaw 中安装

/install add-watermark-to-pdf

功能描述

Add a text watermark to one or multiple PDFs by uploading them to the Solutions API, polling until completion, then returning download URL(s) for the watermarked PDF(s) (or a ZIP if multiple).

使用说明 (SKILL.md)

\r \r

add-watermark-to-pdf\r

Purpose\r

This skill adds a text watermark to one or multiple PDFs by:\r

accepting one or multiple PDF files from the user,\r
accepting a watermark text string,\r
uploading them to the Solutions API,\r
polling the job status until it is finished,\r
returning download URL(s) for the resulting file(s).\r If multiple PDFs are processed, the output may include multiple PDFs and/or a ZIP for download.\r \r

Credentials\r

The API requires an API key used as a Bearer token:\r

Authorization: Bearer \x3CAPI_KEY>\r \r How the user gets an API key:\r
https://login.cross-service-solutions.com/register\r
Or the user can provide an API key directly.\r \r Rule: never echo or log the API key.\r \r

API endpoints\r

Base URL:\r

https://api.xss-cross-service-solutions.com/solutions/solutions\r \r Create watermark job:\r
POST /api/61\r
multipart/form-data parameters:\r
- files — required — multiple PDF files (multiple_files)\r
- text — required — string (watermark text)\r \r Get result by ID:\r
GET /api/\x3CID>\r \r When done, the response contains:\r
output.files[] with { name, path } where path is a downloadable URL (PDFs and/or ZIP).\r \r

Inputs\r

Required\r

One or more PDF files (binary)\r
Watermark text (text, string)\r
API key (string)\r \r

Optional\r

None\r \r

Output\r

Return a structured result:\r

job_id (number)\r
status (string)\r
outputs (array) containing { name, path } for each output file\r
Convenience fields:\r
- download_url (string) if exactly one output exists\r
- download_urls (array of strings) for all outputs\r
input_files (array of strings)\r
watermark_text (string) — returned only if safe; do not return if user considers it sensitive\r \r Example output:\r

{\r
  "job_id": 6101,\r
  "status": "done",\r
  "outputs": [\r
    { "name": "watermarked.pdf", "path": "https://.../watermarked.pdf" }\r
  ],\r
  "download_url": "https://.../watermarked.pdf",\r
  "download_urls": ["https://.../watermarked.pdf"],\r
  "input_files": ["input.pdf"]\r
}\r

安全使用建议

This skill appears to do what it claims, but there are some mismatches and privacy risks to consider before installing or using it: - Verify the service/domain: confirm that https://api.xss-cross-service-solutions.com and https://login.cross-service-solutions.com are legitimate and trustworthy before providing an API key. - Credentials: the SKILL.md and script require a Solutions API key (Bearer token), but the skill metadata does not declare it. Treat the API key as sensitive — only provide it to services you trust, and prefer passing it at runtime rather than storing it insecurely. - Output leakage: the script includes the API 'raw' response and by default returns watermark_text in its printed JSON. If your watermark or the API response may contain sensitive data, request the skill be modified to omit 'raw' and avoid returning watermark_text. - Base URL override: SOLUTIONS_BASE_URL can be changed; do not point it to unknown hosts. If you plan to run this as an automated skill, consider locking or validating the base URL to a known good domain to prevent inadvertent exfiltration. - Inspect locally: because this package includes a runnable Python script, review and run it locally with non-sensitive test files first. Confirm behavior and outputs before granting the skill access to real documents or credentials. If you need higher assurance, ask the publisher for: a homepage/source repo, explicit manifest entries declaring required env vars (primaryEnv), and a privacy/security statement describing how uploaded PDFs are handled and retained.

功能分析

Type: OpenClaw Skill Name: add-watermark-to-pdf Version: 1.0.0 The skill is designed to add watermarks to PDFs by interacting with a third-party API. It uses standard Python libraries (`requests`) for network communication and file handling. The `SKILL.md` and `README.md` clearly describe the purpose, required inputs (PDFs, watermark text, API key), and the external API endpoints (`api.xss-cross-service-solutions.com`). The skill explicitly declares `http` and `files` as allowed tools, which are necessary for its functionality. There is no evidence of data exfiltration beyond the stated purpose, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The instruction to 'never echo or log the API key' in `SKILL.md` is a positive security practice.

能力评估

⚠ Purpose & Capability

The SKILL.md, README, and included Python script all implement the stated purpose (upload PDFs + watermark text to an external Solutions API and poll for results). However the registry metadata declares no required environment variables or primary credential even though the skill requires an API key (Bearer token). The skill also supports overriding the base URL via SOLUTIONS_BASE_URL, which is reasonable for testing but increases the attack surface if not constrained.

⚠ Instruction Scope

Instructions keep to the document-processing scope (accept files, upload them, poll result). They do not read unrelated system files. Concerns: (1) the SKILL.md and script recommend never echoing the API key, but the registry does not declare that credential — a mismatch; (2) the script includes 'raw' API response in its printed output and by default returns watermark_text in the result, which may leak sensitive information from either the user's watermark or fields included by the API.

✓ Install Mechanism

No install spec is present (instruction-only install), and the included code is a simple Python script with a single dependency 'requests'. There are no remote download/install steps or exotic package sources. This is a low install-risk scenario, though the repository includes executable script files that the agent or user may run locally.

⚠ Credentials

The declared registry metadata lists no required env vars or primary credential, but SKILL.md and the script clearly require an API key (SOLUTIONS_API_KEY or passed via --api-key). That mismatch is noteworthy: the skill needs a sensitive credential but the manifest doesn't advertise it. Additionally SOLUTIONS_BASE_URL can be overridden, meaning the skill could be pointed at an arbitrary endpoint to receive uploaded PDFs if misconfigured or maliciously modified.

✓ Persistence & Privilege

The skill does not request elevated persistence: always is false, it is user-invocable, and it does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install add-watermark-to-pdf
安装完成后，直接呼叫该 Skill 的名称或使用 /add-watermark-to-pdf 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release – Add a text watermark to one or multiple PDFs using the Solutions API. - Accepts one or multiple PDF files and watermark text. - Uploads files, polls job status, and returns download URLs for watermarked PDFs or ZIP. - Supports batch processing of multiple files. - API key authentication required. - Structured output includes job ID, status, input/output file info, and convenience download fields.

元数据

Slug add-watermark-to-pdf

版本 1.0.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 1

常见问题