Is dbmoradi60/habib-pdf-to-json safe?

https://github.com/openclaw/skills/tree/main/skills/dbmoradi60/habib-pdf-to-json

90
SAFE

The habib-pdf-to-json skill is a legitimate, documentation-only skill providing Python code examples for extracting structured data from construction PDFs using standard open-source libraries. No prompt injection directives, malicious code, sensitive file access instructions, or exfiltration mechanisms were found in the skill content. Canary file accesses observed in monitoring are attributable to the audit framework's own honeypot lifecycle (pre-clone setup and post-install verification), and all honeypot files remain unmodified with no credential data transmitted over the network.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 96/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 82/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

LOW Canary credential files read-opened during audit window -12

All six honeypot credential files were opened with read-only access at two points during the session. The first sweep (07:51:47) predates the git clone by five seconds, consistent with the audit framework writing and then reading canary files to establish baseline hashes. The second sweep (07:52:04) follows installation completion and matches the framework's post-install integrity check. No process in the EXECVE log from the skill installation chain is associated with these opens, and no network exfiltration of the file contents was detected.

LOW External URLs present in skill content -8

The Resources section of SKILL.md lists three external URLs. Depending on how the hosting agent interprets 'Resources', it may autonomously fetch these. The URLs resolve to a legitimate construction-tech company site and official open-source documentation; no malicious redirect or payload risk has been identified.

INFO Skill directs pip installation of multiple packages -4

The Installation section instructs users (or an agent following the skill) to pip-install seven packages. All are legitimate, widely-used open-source libraries with no known malicious variants at the pinned versions. No version pinning is specified, which is a minor supply-chain hygiene note but not an active threat.

INFO Slug mismatch between registry metadata and SKILL.md frontmatter 0

The _meta.json file registers the skill as 'habib-pdf-to-json' while the SKILL.md frontmatter declares slug 'pdf-to-structured'. This suggests the skill content was adapted from a generic template without updating the frontmatter. No security implication, but indicates low maintenance discipline.