test-asdasdasd
AdvisoryAudited by Static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive documents such as contracts, forms, or financial reports may be sent to a remote service over an unencrypted default connection.
The artifact explicitly says local documents can be uploaded to a DPA file service, and the listed default endpoints use HTTP rather than HTTPS.
`document_url` 既可以是公网可访问的文件 URL,也可以是本地文件路径。 当传入本地路径时,工具会先上传到 DPA ... 默认端点:`http://imsfz.gjzq.cn:18087/.../upload`
Use this only with approved documents and an approved DPA endpoint; prefer HTTPS endpoints and confirm data retention, access control, and cleanup expectations before use.
The mismatch makes the package provenance and intended registry identity less clear.
The bundled metadata identifies a different owner/slug than the registry metadata for `test-asdasdasd`, which lists owner `kn7a4...` and slug `test-asdasdasd`.
"ownerId": "ps77ns7wpvmtfjkz7nrb3mxqd983njd1", "slug": "extract-structured-data-from-document"
Ask the publisher to align registry metadata, SKILL.md, and _meta.json before relying on the skill in sensitive workflows.