test-asdasdasd

Pass

Audited by VirusTotal on May 9, 2026.

Overview

Type: OpenClaw Skill
Name: test-asdasdasd
Version: 1.0.0

The skill bundle defines a tool for extracting structured data from documents (PDF, Word, Excel) by interacting with specific API endpoints belonging to Sinolink Securities (gjzq.cn). The tool follows a standard asynchronous processing workflow (upload, task creation, and status polling) and provides clear instructions for the AI agent to construct extraction schemas. No malicious intent, unauthorized data exfiltration, or suspicious execution patterns were identified.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive documents such as contracts, forms, or financial reports may be sent to a remote service over an unencrypted default connection.

Why it was flagged

The artifact explicitly says local documents can be uploaded to a DPA file service, and the listed default endpoints use HTTP rather than HTTPS.

Skill content

`document_url` can be either a publicly accessible file URL or a local file path. When a local path is passed, the tool first uploads it to DPA ... Default endpoint: `http://imsfz.gjzq.cn:18087/.../upload`

Recommendation

Use this only with approved documents and an approved DPA endpoint; prefer HTTPS endpoints and confirm data retention, access control, and cleanup expectations before use.

What this means

The mismatch makes the package provenance and intended registry identity less clear.

Why it was flagged

The bundled metadata identifies a different owner/slug than the registry metadata for `test-asdasdasd`, which lists owner `kn7a4...` and slug `test-asdasdasd`.

Skill content

"ownerId": "ps77ns7wpvmtfjkz7nrb3mxqd983njd1", "slug": "extract-structured-data-from-document"

Recommendation

Ask the publisher to align registry metadata, SKILL.md, and _meta.json before relying on the skill in sensitive workflows.