U2-doc-parser

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a cloud document parser that discloses its upload behaviour: any file you parse is uploaded to UniDoc's UAT service, so use only non-sensitive documents.

Install and use this only if you are comfortable uploading the selected documents to UniDoc's UAT servers. Do not use private or confidential files, verify any UNIDOC_* environment variables before running, install dependencies from a trusted source, and avoid force-overwriting output paths.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Severity: Medium
What this means

Files you parse will leave your machine and be processed by a third-party service.

Why it was flagged

The skill's core workflow sends user-selected documents to an external UAT service. This is disclosed and purpose-aligned, but it is still a privacy-sensitive data flow.

Skill content
This skill uploads your documents to an external API service: `https://unidoc.uat.hivoice.cn` ... Documents are transmitted over the internet and processed on third-party servers
Recommendation

Use this only for non-sensitive test documents unless you have confirmed the provider's data handling, retention, and access controls.

ASI03: Identity and Privilege Abuse
Severity: Low
What this means

If the UNIDOC_BASE_URL or UNIDOC_API_KEY environment variables are set, the script may send an Authorization header to the configured UniDoc endpoint.

Why it was flagged

The script can use an optional API key and configurable base URL even though the registry metadata declares no environment variables or primary credential.

Skill content
BASE_URL = os.getenv("UNIDOC_BASE_URL", "https://unidoc.uat.hivoice.cn")
API_KEY = os.getenv("UNIDOC_API_KEY", "") ... headers['Authorization'] = f'Bearer {API_KEY}'
Recommendation

Check UNIDOC_BASE_URL and UNIDOC_API_KEY before use, and set credentials only for endpoints you trust. The skill metadata should declare these optional variables.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

Users install whatever version of the dependency their package index currently provides.

Why it was flagged

The README requires a manual, unpinned dependency install, and no install spec is supplied. This is common and purpose-aligned, but it leaves the dependency's version and provenance to the user's environment.

Skill content
pip install requests
Recommendation

Install dependencies from a trusted Python environment and consider pinning versions or using a reviewed requirements file.

ASI02: Tool Misuse and Exploitation
Severity: Low
What this means

Passing --force with the wrong output path could recursively delete a directory on the local machine.

Why it was flagged

The output-path validation contains a force-overwrite branch that can recursively remove an existing directory. It is not the default path and appears user-directed, but it is a local destructive capability.

Skill content
if force:
    print(f"[WARN] Removing existing {path_type}: {safe_path}", file=sys.stderr)
    ... shutil.rmtree(safe_path)
...
f"  Use --force to overwrite"
Recommendation

Avoid force-overwrite behavior unless you have verified the output path. Prefer writing to a new file path.