Low Risk — Risk Score 10/100
Last scan: 1 day ago
pdfly-cli
A pure-python CLI application for manipulating PDF files (compress, merge, split, rotate, sign, extract images/text, convert).
This skill consists entirely of documentation for the legitimate pdfly Python CLI tool. No executable code, scripts, or binary artifacts are present. All described functionality is benign PDF manipulation operations.
Skill Name: pdfly-cli
Duration: 41.0s
Engine: pi
Safe to install
No action required. The skill is a pure documentation wrapper for a known-safe open-source CLI tool. Consider pinning the pip install version in documentation to follow best practice.

Findings: 1 item

Severity  Finding  Location
Low  Unpinned pip install for pdfly (Supply Chain)  SKILL.md:8
SKILL.md instructs users to run 'pip install pdfly' without a version pin. This allows a future package version to differ from the tested version.
pip install pdfly
→ Change to 'pip install pdfly==X.Y.Z' or use uv with a locked version to prevent silent dependency substitution.
Resource  Declared  Inferred  Status  Evidence
Filesystem NONE NONE No filesystem access is declared, required, or present — SKILL.md describes a CL…
Network NONE NONE No network activity is declared or present; external URLs are documentation link…
Shell NONE NONE No shell execution in any file; the skill only describes CLI invocations users e…
Environment NONE NONE No environment variable access declared or present
Skill Invoke NONE NONE No skill invocation capabilities declared or present
Clipboard NONE NONE No clipboard access declared or present
Browser NONE NONE No browser access declared or present
Database NONE NONE No database access declared or present
3 findings

Medium  External URL  https://pypdf.readthedocs.io/  SKILL.md:9
Medium  External URL  https://pyfpdf.github.io/fpdf2/  SKILL.md:9
Medium  External URL  https://endesive.readthedocs.io/  SKILL.md:9

File Tree

5 files · 11.0 KB · 455 lines
Markdown 5f · 455L
├─ 📁 references
│ ├─ 📝 cat.md Markdown 108L · 2.4 KB
│ ├─ 📝 page-ranges.md Markdown 78L · 2.0 KB
│ ├─ 📝 rotate.md Markdown 86L · 1.8 KB
│ └─ 📝 sign.md Markdown 100L · 2.1 KB
└─ 📝 SKILL.md Markdown 83L · 2.7 KB

Security Positives

✓ All 5 files are markdown documentation only — no executable code, scripts, or binary artifacts present
✓ No obfuscation techniques detected (no base64, eval, atob, or encoded strings)
✓ No credential harvesting, environment variable scanning, or sensitive file access
✓ No network exfiltration, C2 communication, or data theft behavior
✓ No reverse shell, RCE, or arbitrary command execution
✓ All referenced libraries (pypdf, fpdf2, endesive, pillow, cryptography) are well-known, established open-source projects
✓ Documentation is internally consistent with no doc-to-code mismatch since there is no code
✓ No hidden instructions in HTML comments or other steganographic hiding
✓ No suspicious IOCs (IPs, domains, malware hashes)