Is awspace/pdf safe?

https://github.com/openclaw/skills/tree/main/skills/awspace/pdf

92/100 · SAFE

The awspace/pdf skill is a pure markdown documentation file providing legitimate PDF processing guidance using established Python libraries (pypdf, pdfplumber, reportlab) and command-line tools. No executable code, hooks, submodules, or exfiltration mechanisms were found, and canary file integrity was confirmed intact — reads of sensitive files during the audit are attributable to the audit harness, not the skill. Minor concerns include undisclosed companion files (forms.md, reference.md) referenced in instructions but not installed, and a proprietary license with no terms file present.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 98/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (4)

LOW Undisclosed companion files pre-referenced in SKILL.md -7

SKILL.md instructs the agent to 'read forms.md and follow its instructions' and 'see reference.md' for advanced features, but neither file is present in the installed skill. This creates a latent injection surface: if these files are ever added or made accessible, the agent would treat their contents as authoritative instructions without user awareness.

INFO Canary file reads from audit harness, not from skill -10

Six credential files were opened and read during the audit window. Timing analysis confirms these reads occurred during PAM/sudo initialization by the audit harness — 6 seconds before git clone began. The skill has no executable code and the canary integrity check confirms no exfiltration occurred.

INFO Proprietary license without terms file -10

The license is declared proprietary, but LICENSE.txt is absent from the installed skill package.

INFO Repository provenance inconsistency in metadata -7

The commit URL in _meta.json references a different GitHub organization (clawdbot) than the install source (openclaw).