U2-doc-parser

Review

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a disclosed cloud document parser, but any file you parse is uploaded to UniDoc's UAT service, so use only non-sensitive documents.

Install and use this only if you are comfortable uploading the selected documents to UniDoc's UAT servers. Do not use private or confidential files, verify any UNIDOC_* environment variables before running, install dependencies from a trusted source, and avoid force-overwriting output paths.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Files you parse will leave your machine and be processed by a third-party service.

Why it was flagged

The skill's core workflow sends user-selected documents to an external UAT service. This is disclosed and purpose-aligned, but it is still a privacy-sensitive data flow.

Skill content

This skill uploads your documents to an external API service: `https://unidoc.uat.hivoice.cn` ... Documents are transmitted over the internet and processed on third-party servers

Recommendation

Use this only for non-sensitive test documents unless you have confirmed the provider's data handling, retention, and access controls.

What this means

If these environment variables are set, the script may send an Authorization header to the configured UniDoc endpoint.

Why it was flagged

The script can use an optional API key and configurable base URL even though the registry metadata declares no environment variables or primary credential.

Skill content

BASE_URL = os.getenv("UNIDOC_BASE_URL", "https://unidoc.uat.hivoice.cn")
API_KEY = os.getenv("UNIDOC_API_KEY", "") ... headers['Authorization'] = f'Bearer {API_KEY}'

Recommendation

Check UNIDOC_BASE_URL and UNIDOC_API_KEY before use, and set credentials only for endpoints you trust. The skill metadata should declare these optional variables.

What this means

Users may install whatever current version of the dependency their package index provides.

Why it was flagged

The README requires a manual, unpinned dependency install, while the supplied install spec is absent. This is common and purpose-aligned, but it leaves dependency version/provenance to the user's environment.

Skill content

pip install requests

Recommendation

Install dependencies from a trusted Python environment and consider pinning versions or using a reviewed requirements file.

What this means

Using force with the wrong output path could delete a directory on the local machine.

Why it was flagged

The output-path validation contains a force-overwrite branch that can recursively remove an existing directory. It is not the default path and appears user-directed, but it is a local destructive capability.

Skill content

if force:
    print(f"[WARN] Removing existing {path_type}: {safe_path}", file=sys.stderr)
    ... shutil.rmtree(safe_path)
...
f"  Use --force to overwrite"

Recommendation

Avoid force-overwrite behavior unless you have verified the output path. Prefer writing to a new file path.