Safety Report

Nano Pdf

Name: Nano Pdf
Rating: 5 (100 reviews)
Author: steipete

@steipete

Edit PDFs with natural-language instructions using the nano-pdf CLI.

43,043Downloads

1,075Installs

100Stars

1Versions

CLI & Shell Tools1,805 Translation & i18n1,457 PDF & Documents1,388

Security Analysis

high confidence

Clean0.08 risk

The skill is internally consistent with its stated purpose (running the nano-pdf CLI to edit PDFs); it requests no credentials and contains only a short usage instruction, though the SKILL.md includes an install hint that should be checked before installing.

Feb 10, 20261 files2 concerns

Purpose & Capabilityok

Name/description match the runtime instructions: the SKILL.md shows a single CLI usage (nano-pdf edit ...). The skill does not request unrelated credentials, files, or services. The SKILL.md metadata also declares the nano-pdf binary and an install hint, which is coherent with the goal.

Instruction Scopeok

Instructions are narrowly scoped: they tell the agent how to call the nano-pdf CLI to edit a page and to sanity-check outputs. There are no instructions to read arbitrary files, exfiltrate data, or access unrelated system state.

Install Mechanismnote

Top-level registry metadata shows no install spec (instruction-only), but the SKILL.md metadata includes an install hint using an 'uv' package entry for 'nano-pdf'. This is a minor inconsistency and 'uv' is not a universally recognized installer; verify the suggested install step and package provenance (PyPI link is provided in the SKILL.md). No archive downloads or extract instructions are present.

Credentialsok

The skill requests no environment variables, credentials, or config paths. This is proportionate for a CLI wrapper that only invokes a local binary.

Persistence & Privilegenote

The skill does not set always:true and does not declare disableModelInvocation:true, so the model could invoke it when available. Because the skill has no privileged env access or secrets, this is low risk, but users who want to prevent autonomous CLI invocation should disable model invocation for this skill.

Guidance

This skill simply documents how to run the nano-pdf CLI and does not ask for secrets, so it's generally safe from a permissions perspective. Before installing/use: (1) confirm you trust the nano-pdf binary—check the PyPI project page linked in the SKILL.md and prefer official releases; (2) verify what the 'uv' installer means in your environment before running any install command; (3) only run the tool on non-sensitive test PDFs until you confirm output correctness; (4) if you don't want the agent to call the CLI autonomously, set disableModelInvocation or otherwise require explicit user invocation.

Latest Release

v1.0.0

More by @steipete

Gog

672 stars

Github

267 stars

Weather

229 stars

Frontend Design

186 stars

Openai Whisper

173 stars

Nano Banana Pro

164 stars

Published by @steipete on ClawHub