doc-export

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill does what it says, but it publishes conversation-derived documents to a hard-coded public web server path and keeps local archives without clear access controls or retention limits.

Use this only if you are comfortable with the generated document being placed on the configured public web server. Before invoking it, remove secrets from the conversation, confirm the server path is yours, and ask for both the public copy and archived local copy to be deleted when no longer needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A document may become publicly reachable on the internet, potentially exposing private conversation details, credentials, or configuration examples if they were included in the chat.

Why it was flagged

The skill instructs the agent to publish generated conversation-derived documents into a public web root and provide a public URL, but it does not specify access controls, redaction, or a final confirmation step before publication.

Skill content

Copy the file to the nginx web directory: `/www/wwwroot/ucloud.demo.binyuli.top/` ... Download link format: `https://ucloud.demo.binyuli.top/<filename>`

Recommendation

Require explicit user approval before publishing, warn that the link is public, redact secrets, and use access controls or unguessable temporary links.

What this means

The agent may need elevated or server-specific filesystem authority, and a mistake could modify files in a live web directory.

Why it was flagged

The skill requires writing to absolute system/server paths, including a root-owned workspace path and an nginx web directory, while the metadata declares no required config paths, credentials, or environment requirements.

Skill content

Save to the `/root/.openclaw/workspace/docs/` directory ... Copy the file to the nginx web directory: `/www/wwwroot/ucloud.demo.binyuli.top/`

Recommendation

Declare the required paths and permissions, make the web root configurable, restrict writes to a dedicated subdirectory, and confirm ownership before use.

What this means

Private information from the conversation may remain on disk indefinitely even after the public download file is cleaned up.

Why it was flagged

The skill intentionally keeps an archive copy of generated documents after the web copy is deleted, but does not define retention duration, cleanup controls, sensitivity filtering, or whether future tasks may access the archive.

Skill content

Keep the original documents under `/root/.openclaw/workspace/docs/` (as an archive)

Recommendation

Offer deletion of archived copies, set a retention policy, avoid storing secrets, and clearly tell the user what remains after cleanup.