Universal (non-OpenClaw) Nutrient document processing skill for Agent Skills-compatible products. Best for Claude Code, Codex CLI, Gemini CLI, Cursor, Windsu...
Security Analysis
high confidenceThe skill's requirements and instructions are consistent with a document-processing connector for the Nutrient DWS API; it asks for the expected API keys and either curl or npx for two supported modes (direct API or MCP server).
Name/description (document processing, OCR, redact, convert, sign, etc.) align with the declared requirements: calls to api.nutrient.io, an npm MCP server package (@nutrient-sdk/dws-mcp-server) for MCP mode, and curl for direct API mode. The two environment variables (NUTRIENT_API_KEY and NUTRIENT_DWS_API_KEY) match the two modes and are plausible.
SKILL.md stays largely within the stated purpose and provides concrete curl examples and MCP configuration. The doc repeatedly asserts it will not access local files beyond those explicitly passed, but MCP server configuration includes a SANDBOX_PATH (a working directory) which — if misconfigured — could expose more local files; the skill delegates file selection to the agent/user. Also the SKILL.md claims keys are not stored, which is an author assertion that can't be verified from the instruction-only skill.
Install is an npm package (@nutrient-sdk/dws-mcp-server) invoked via npx (runtime download). That's expected for providing an MCP server, but it is a supply-chain risk compared with instruction-only curl usage: npx will fetch and run code from the npm registry. No opaque URLs or archives are used; the package is from npm which is a common distribution method.
The skill requires two API keys (NUTRIENT_API_KEY for direct API; NUTRIENT_DWS_API_KEY for MCP server). Requesting both is proportionate to offering two operational modes but may be redundant for some users. No unrelated credentials, system paths, or extra secrets are requested.
The skill is not always-enabled, is user-invocable, and does not request persistent system-wide configuration or special privileges. The MCP mode downloads code at runtime but does not require the skill be forced into every agent run.
Guidance
This skill appears to do what it says: it sends files to api.nutrient.io or runs an official Nutrient MCP server via npx. Before installing or running it: (1) Confirm you trust nutrient.io's privacy/data-retention policies for any sensitive documents you will process. (2) Prefer the curl/direct-API mode if you don't want npx to fetch and execute code at runtime; using npx introduces a supply-chain risk—inspect @nutrient-sdk/dws-mcp-server source/release history first. (3) When using MCP mode, set SANDBOX_PATH to a dedicated, limited folder so the server cannot be pointed at broad system paths. (4) Use a least-privilege Nutrient API key (separate account or key with minimal lifetime/privileges) for processing sensitive docs. (5) Note the SKILL.md claims it won't store keys or access files beyond those passed, but that is an assertion you cannot verify from the instructions alone—review the MCP package code if you need higher assurance. Finally, there's a minor metadata-version mismatch in _meta.json (1.0.0) vs registry version (1.1.1); this looks benign but you may want to confirm the package/source versions before use.
Latest Release
v1.1.1
Fix scanner metadata mismatch: add top-level homepage/repository and explicit openclaw requires env/bins/install metadata; keep safety boundaries
More by @jdrhyne
Published by @jdrhyne on ClawHub
