← 返回 Skills 市场
137
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-pdf-tools
功能描述
PDF工具箱 - 合并、拆分、压缩、转换PDF文件。支持批量处理,无需联网,本地执行。
安全使用建议
This package mostly does what it says: local PDF operations using Ghostscript, poppler, ImageMagick, etc. Before installing or running it:
- Verify missing files: SKILL.md mentions watermark.js, encrypt.js and decrypt.js but those scripts are not present — confirm whether those features are required and why they are missing.
- Review the included scripts locally (they are small) before running. They invoke system commands with execSync and interpolate file paths into shell commands; filenames containing special characters could be misinterpreted and allow command injection. Avoid running these scripts on untrusted input or with untrusted filenames.
- Be cautious about the recommended change to /etc/ImageMagick-6/policy.xml — that weakens ImageMagick protections for PDF handling and requires root. Understand the security tradeoff and prefer safer alternatives when possible.
- Confirm and install the required system binaries (poppler-utils, ghostscript, ImageMagick, pdftk, img2pdf) from trustworthy package sources.
- Prefer running the tools in a sandbox or non-privileged account and test on copies of sensitive files first. If you plan to run programmatically, consider wrapping calls to external binaries with safer APIs (execFile with args array) or sanitizing/validating all file paths.
If you need certainty about absent features or want the watermark/encrypt capabilities, ask the publisher for a complete release or provide the missing scripts before trusting this skill on sensitive documents.
功能分析
Type: OpenClaw Skill
Name: openclaw-pdf-tools
Version: 1.0.0
The skill bundle provides PDF processing utilities but contains multiple shell injection vulnerabilities across its scripts (e.g., compress.js, merge.js, split.js, and extract-text.js). It uses child_process.execSync to execute system commands like gs, pdftotext, and pdftk without properly sanitizing file paths or user-provided arguments, which could allow for arbitrary command execution if filenames contain shell metacharacters.
能力评估
Purpose & Capability
The name/description (local PDF merge/split/compress/convert) matches the included scripts for most features (merge, split, compress, pdf2img, img2pdf, extract-text). However SKILL.md documents additional features (watermark.js, encrypt.js, decrypt.js) that are not present in the file manifest — this mismatch could be an omission or indicate the package is incomplete/misdocumented.
Instruction Scope
Runtime instructions are local and consistent with the code (they call Ghostscript, pdftoppm, ImageMagick, pdftk, img2pdf). They do instruct editing system config (/etc/ImageMagick-6/policy.xml) which is a privileged change affecting system security policy. The scripts call external system commands via execSync with user-provided paths — this expands scope to interacting with system binaries and filesystem in ways that could be risky if inputs are malicious or unescaped.
Install Mechanism
This is instruction-only with included Node scripts (no install spec). SKILL.md suggests 'npx clawhub@latest install pdf-toolkit' but the skill bundle itself contains the scripts, so there's no remote download performed by the skill. The only external install action is a user-invoked suggestion (npx) — inspect that package before running it.
Credentials
The skill requests no environment variables or credentials and requires only system PDF/image utilities (poppler-utils, ghostscript, ImageMagick, optionally pdftk/img2pdf). Those dependencies are proportional to a local PDF toolkit. There are no hidden credential or network requirements.
Persistence & Privilege
always is false; the skill is user-invocable and allows model invocation (platform default). The skill does not request persistent system-wide privileges or attempt to modify other skills' configs. Note: editing system ImageMagick policy requires elevated privileges and should be done deliberately.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-pdf-tools - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-pdf-tools触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of pdf-toolkit:
- Provides local PDF merge, split, compress, conversion, and text extraction tools
- Supports PDF-to-image, image-to-PDF, watermarking, and encryption/decryption
- All features work offline for privacy protection
- Includes batch processing and CLI/API usage
- Requires system dependencies: poppler-utils, ghostscript, imagemagick
元数据
常见问题
Pdf Toolkit 是什么?
PDF工具箱 - 合并、拆分、压缩、转换PDF文件。支持批量处理,无需联网,本地执行。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 137 次。
如何安装 Pdf Toolkit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-pdf-tools」即可一键安装,无需额外配置。
Pdf Toolkit 是免费的吗?
是的,Pdf Toolkit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pdf Toolkit 支持哪些平台?
Pdf Toolkit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pdf Toolkit?
由 Newaiguy(@newaiguy)开发并维护,当前版本 v1.0.0。
推荐 Skills