ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paper Reader

v1.0.0

Comprehensive PDF paper reader for academic research. Extracts text, figures, tables, and structured content from research papers with support for multimodal...

0· 139·1 current·1 all-time
by崔之行@changer-changer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md describes a full CLI and Python API and lists Python dependencies (pdfplumber, pymupdf, Pillow) that are appropriate for a PDF reader, but the package contains no code files (no read_paper.py, no paper_reader module). That mismatch means the skill can't perform the claimed capabilities as distributed.
!
Instruction Scope
Runtime instructions explicitly tell the agent/user to run python3 ~/.openclaw/skills/paper-reader/read_paper.py and to import paper_reader — paths and modules that do not exist in this bundle. The instructions also direct reading PDFs and writing extracted outputs to arbitrary filesystem locations (e.g., ~/..., ./figures), which is expected for a paper-processing tool but should only be done by code you can inspect. There is no guidance about network activity (no explicit exfiltration), but the missing code makes it impossible to verify behavior.
Install Mechanism
There is no install spec (instruction-only), which is lower risk in itself. The README suggests running pip install pdfplumber pymupdf Pillow manually; that is reasonable for the declared dependencies, but because no code is bundled, there's nothing to install or verify from this skill package.
Credentials
The skill does not request environment variables, credentials, or config paths. The declared Python packages are appropriate for the stated purpose and do not imply additional secrets or cloud access.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. Model invocation is enabled by default (normal). The skill does not attempt to modify other skills or system-wide settings in the included materials.
What to consider before installing
Do not run the example commands or pip-install things on the basis of this package alone. The SKILL.md references scripts and a Python module (read_paper.py, paper_reader) that are not included — ask the publisher for the missing code or a proper install spec before installing. If you still want to use it, request: (1) the actual code files or a reproducible install (GitHub repo or PyPI package), (2) a clear statement of whether the tool performs any network calls and to which endpoints, and (3) a signed or verifiable author/source. If you must test now, do so in a restricted sandbox and inspect any downloaded/extracted files before running them. Because the package is incoherent as distributed, treat it as untrusted until the missing pieces are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fz3y1yqaqft6ag8z0ek374x834kf0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📑 Clawdis

Comments