← 返回 Skills 市场
79
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pdf-translate-skill
功能描述
Translate PDF documents or arXiv papers preserving formatting by extracting text and images, translating content, and generating a reconstructed LaTeX-based...
安全使用建议
This skill is coherent with its purpose but requires significant local tooling and performs network downloads and disk writes. Before using it: 1) Note the SKILL.md requires Python (pymupdf, pillow), curl/wget, and a LaTeX installation (XeLaTeX/TeX Live or MiKTeX). The registry metadata omits these — install them yourself or in a container. 2) Review the scripts (they are included) if you are concerned: they call curl/wget, extract tar.gz archives, and run xelatex/pdflatex via subprocess — run in a sandbox (container or VM) if you want to limit risk. 3) The skill downloads from arxiv.org only; do not run it on arbitrary/untrusted URLs without inspection. 4) No credentials are requested, but the tool writes files and executes system binaries — ensure you trust the environment and have disk space. If you want more assurance, run the scripts on sample documents inside an isolated environment first.
功能分析
Type: OpenClaw Skill
Name: pdf-translate-skill
Version: 1.0.0
The skill bundle is classified as suspicious due to a Path Traversal vulnerability (Zip Slip) in `scripts/download_arxiv_source.py` caused by the unsafe use of `tarfile.extractall()` on downloaded archives. While the skill's functionality for translating PDFs and arXiv papers appears legitimate, it utilizes high-risk operations such as downloading remote content via `curl`/`wget` and executing system binaries for LaTeX compilation in `scripts/compile_latex.py`. These features, combined with the lack of sanitization for archive members, present a significant security risk, although no evidence of intentional malice or data exfiltration was found.
能力评估
Purpose & Capability
The skill's name and description (translate PDFs / arXiv papers and produce LaTeX/PDF) match the included scripts and references. The code files implement PDF→images, image extraction, arXiv source download, and LaTeX compilation — all needed for the stated functionality. One inconsistency: the registry metadata lists no required binaries/env—but SKILL.md and the scripts clearly require system tools (curl/wget, XeLaTeX/pdfLaTeX) and Python packages. This appears to be an omissions in metadata rather than malicious misdirection.
Instruction Scope
Runtime instructions and scripts perform expected actions: detecting arXiv IDs/URLs, downloading arXiv e-print archives, extracting .tex files, converting PDF pages to images, extracting embedded images, translating TeX content conceptually (the SKILL.md describes translation rules), and compiling LaTeX via xelatex/pdflatex. The scripts read and write files in local directories and call external commands (curl/wget/xelatex) — all consistent with the stated tasks. They do not reference or exfiltrate unrelated system files, nor do they require credentials. The seller's instructions to 'use the agent's multilingual capabilities' implies translation happens locally in the agent workflow (no external translation API is invoked).
Install Mechanism
There is no install spec (instruction-only install) which minimizes automated code installation risk. However, the SKILL.md lists several manual prerequisites (Python packages, XeLaTeX/TeX Live or MiKTeX, curl/wget). The code uses subprocess calls to system binaries. Because installation is manual, the user must install large toolchains (TeX) themselves — this is expected for LaTeX compilation but worth noting as a non-trivial dependency.
Credentials
The skill declares no environment variables or credentials, and none are required by the scripts. Network access is used only to fetch arXiv e-prints (https://arxiv.org/e-print/{id}) via curl/wget/urllib which is appropriate for the arXiv download feature. No secrets, keys, or unrelated service credentials are requested.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not attempt to modify other skills or agent-wide configuration. It runs local file operations and external commands in the working directories only (no system-wide changes are performed by the scripts).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pdf-translate-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/pdf-translate-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of pdf-translator skill.
- Translates PDF documents while preserving original formatting, including layout and embedded images.
- Supports two modes:
- arXiv Mode: Accepts arXiv ID/URL, downloads source TeX, translates content, and compiles back to PDF with high fidelity.
- Local PDF Mode: Processes local PDF files by converting pages to images, analyzing layout, extracting and translating text, and regenerating the document with LaTeX.
- Automatically detects and chooses the best mode depending on user input and arXiv source availability, with fallback if needed.
- Maintains structure of figures, math, citations, and bibliography in translated documents.
- Provides detailed instructions for prerequisites and installation.
元数据
常见问题
pdf-translate-skill 是什么?
Translate PDF documents or arXiv papers preserving formatting by extracting text and images, translating content, and generating a reconstructed LaTeX-based... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 79 次。
如何安装 pdf-translate-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pdf-translate-skill」即可一键安装,无需额外配置。
pdf-translate-skill 是免费的吗?
是的,pdf-translate-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
pdf-translate-skill 支持哪些平台?
pdf-translate-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 pdf-translate-skill?
由 Zexun Lin(@overdue-lin)开发并维护,当前版本 v1.0.0。
推荐 Skills