test-asdasdasd
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s document-extraction purpose is coherent, but it uploads local documents to DPA HTTP endpoints and has inconsistent package identity metadata.
Review this skill before installing if your documents are confidential. Confirm the DPA service is trusted, switch to HTTPS if possible, and clarify how uploaded files and extraction results are retained or deleted.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive documents such as contracts, forms, or financial reports may be sent to a remote service over an unencrypted default connection.
The artifact explicitly says local documents can be uploaded to a DPA file service, and the listed default endpoints use HTTP rather than HTTPS.
`document_url` 既可以是公网可访问的文件 URL,也可以是本地文件路径。 当传入本地路径时,工具会先上传到 DPA ... 默认端点:`http://imsfz.gjzq.cn:18087/.../upload`
Use this only with approved documents and an approved DPA endpoint; prefer HTTPS endpoints and confirm data retention, access control, and cleanup expectations before use.
The mismatch makes the package provenance and intended registry identity less clear.
The bundled metadata identifies a different owner/slug than the registry metadata for `test-asdasdasd`, which lists owner `kn7a4...` and slug `test-asdasdasd`.
"ownerId": "ps77ns7wpvmtfjkz7nrb3mxqd983njd1", "slug": "extract-structured-data-from-document"
Ask the publisher to align registry metadata, SKILL.md, and _meta.json before relying on the skill in sensitive workflows.