nano-pdf
Audited by Socket on Mar 1, 2026
1 alert found:
Malware
Functionally this skill's stated purpose (AI-assisted PDF editing) aligns with requiring an OPENAI_API_KEY and installing a CLI. However, the install instructions include a remote 'curl | sh' bootstrapper and an unpinned pip package install, which are supply-chain risk patterns. The requirement for an OpenAI API key implies document contents and instructions will be sent to external AI endpoints; the README does not disclose endpoint details, storage, or privacy guarantees, creating potential data-exfiltration concerns for sensitive PDFs. Overall, this appears to be a legitimate AI-powered CLI with normal supply-chain and privacy risks for this category of tool, but the use of a remote bootstrap script and the lack of integrity checks or version pinning increase risk and warrant caution. Verify the install script contents, prefer pinned package versions or checksums, and confirm where and how PDF contents and API keys are sent and stored before using it with sensitive documents.