nano-pdf
Warn
Audited by Socket on Apr 7, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The skill's stated purpose and usage are not consistent with the actual upstream package: it appears to describe a local PDF page-manipulation CLI, but the referenced package is a cloud-backed AI PDF editor requiring a Gemini API key and sending content to Google services. The install source is a normal PyPI package, so this is not confirmed malware, but the capability mismatch, omitted credential requirement, and undisclosed remote data flow make the skill internally inconsistent and risky.
Confidence: 89%
Severity: 76%
Audit Metadata