ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

content-batch-processor(批量内容处理工具,支持文本格式化、摘要生成、关键词提取、文件格式转换等批处理操作,提升内容工作效率。)

v1.0.0

批量内容处理工具,支持文本格式化、摘要生成、关键词提取、多语言翻译等批量操作。

0· 107·2 current·2 all-time
bycareytian@careytian-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated features (formatting, summarization, keywords, translation, file conversion) align with needing read/write/pdf/image capabilities. However config.json also lists 'exec' and 'edit' in capabilities while the SKILL.md's declared required bins list does not include 'exec' or 'edit'—this mismatch could either be sloppy metadata or indicate the skill expects broader privileges than documented.
!
Instruction Scope
SKILL.md examples explicitly instruct reading directories, opening files/streams, renaming files, and writing output. Those actions match a batch processor, but they allow arbitrary file path access (read/write/rename) with no limiting scope. The instructions also assume helper functions (translate, pdf(..., prompt: ...), extractKeywords, createReadStream) whose network or external-service behavior is not documented—so data could be processed locally or routed externally depending on platform implementation.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing will be downloaded or written at install time according to the provided metadata.
Credentials
No environment variables or external API keys are requested, which is proportionate for local batch processing. That said, the skill's runtime examples call functions (e.g., translate, pdf) that might use network services—no endpoints or keys are declared.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request permanent or automatic inclusion; it does not declare modifying other skills or global agent settings.
What to consider before installing
This skill appears to implement expected batch text operations, but there are a few red flags: (1) metadata lists an 'exec' capability that isn't declared in requires.bins or shown in examples—ask the author why 'exec' is needed. (2) The skill will read and write arbitrary filesystem paths (readDirectory/getFiles/rename); only enable it with non-sensitive test directories or restrict its access. (3) Translation and PDF helper calls may use external services; confirm whether data leaves your environment and whether any API keys/endpoints are used. If you need to trust this skill, request its source or a homepage, or run it in a sandbox and test with dummy data first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a2kccchdbxhe78c28w53h7583v2mw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsread, write, pdf, image

Comments