Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pretext Reporter Bao

v0.1.0

Text measurement and Canvas layout reporting tool, based on the Pretext library; supports multilingual text measurement, line-layout calculation and visual report generation.

by BillionB (@baojun-billion)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description, SKILL.md API examples, and the bundled code (dist/ and pretext/) all align: the package implements text measurement, layout, flow layout, Markdown/JSON reporting and Canvas-report metadata. The SKILL.md states Pretext isn't on npm and instructs cloning from GitHub, yet the package already contains a full pretext/ subtree—this is a minor packaging inconsistency but not a security mismatch.
Instruction Scope
Runtime instructions only show use of the pretext APIs, measurement and report-generation functions, and local Canvas reporting. The SKILL.md does not instruct reading unrelated system files or exporting secrets. However, an automated scan detected unicode-control-chars inside SKILL.md (see scan_findings_in_context) which can be used to hide or obfuscate text; review the raw SKILL.md for unexpected invisible characters before trusting it.
Install Mechanism
This is instruction-only in the registry (no install spec), but the skill package includes built files and a vendored pretext/ directory. The SKILL.md suggests cloning GitHub, but you likely don't need to as sources are bundled—there's no remote binary download or extractor in the install spec, so install risk is low. Still, verify the bundled code origin if you rely on authenticity.
Credentials
The skill requires no environment variables, no credentials, and no config paths. That is proportionate to the described functionality (local measurement and reporting).
Persistence & Privilege
Skill flags are default (always: false, user-invocable true, autonomous invocation allowed). The skill does not request elevated or permanent platform privileges; nothing in the package modifies other skills or global agent config.
Scan Findings in Context
[unicode-control-chars] unexpected: Scanner found unicode control characters inside SKILL.md. Such characters are not required for a measurement/reporting skill and can be used to hide text or manipulate rendered instructions. This is likely harmless but should be inspected: view SKILL.md as raw bytes/hex or in a hex-capable editor to confirm no hidden directives.
Assessment
The package appears to do what it claims: text measurement, layout, and report generation using the Pretext code that is bundled. Before installing:
1) Inspect SKILL.md and README raw content for invisible/control characters (the scanner flagged unicode-control-chars).
2) Verify the author/repository (package.json points to a GitHub URL) and confirm you trust that source.
3) If you want to avoid surprises, run the package in a sandbox or isolated environment and examine network activity during tests; this skill should not need network calls at runtime.
4) Note the repo includes large corpora/text files; check for any copyrighted or sensitive data you don't want bundled.
5) If you were following SKILL.md instructions to git-clone the upstream Pretext repo, know that the pretext/ sources are already vendored in the package; reconcile which source you prefer and prefer official upstream releases where possible.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

pretext/scripts/accuracy-check.ts:196 - Shell command execution detected (child_process).
pretext/scripts/browser-automation.ts:33 - Shell command execution detected (child_process).
pretext/scripts/corpus-sweep.ts:247 - Shell command execution detected (child_process).
pretext/scripts/gatsby-check.ts:5 - Shell command execution detected (child_process).
pretext/scripts/gatsby-sweep.ts:5 - Shell command execution detected (child_process).
pretext/scripts/accuracy-check.ts:70 - Environment variable access combined with network send.
pretext/scripts/browser-automation.ts:123 - Environment variable access combined with network send.
pretext/scripts/browser-automation.ts:2 - File read combined with network send (possible exfiltration).
