ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alicloud Ai Text Document Mind

v1.0.2

Use Document Mind (DocMind) via Node.js SDK to submit document parsing jobs and poll results. Designed for Claude Code/Codex document understanding workflows.

0· 1.2k·3 current·3 all-time
by@cinience
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name and description match the code and SKILL.md: it submits and polls DocMind jobs. However, the published registry metadata declares no required environment variables or primary credential even though both SKILL.md and scripts use Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optionally ALICLOUD_REGION_ID). This mismatch between claimed requirements and what the code actually needs is a notable inconsistency.
Instruction Scope
Runtime instructions are mostly scoped to submitting jobs, polling results, and saving outputs (expected for a document-parsing provider). But there are small inconsistencies: SKILL.md shows constructing the endpoint dynamically using regionId, but scripts/quickstart.js hardcodes the endpoint to 'docmind-api.cn-hangzhou.aliyuncs.com' (ignoring regionId). The validation step runs a py_compile loop over *.py files (this repo contains only JS), which is irrelevant and suggests sloppy packaging. Otherwise the instructions do not attempt to read unrelated system files or exfiltrate data beyond normal API calls.
Install Mechanism
There is no install spec (instruction-only), which is lower risk. The SKILL.md instructs users to npm install specific @alicloud packages — this is expected for a Node.js SDK client. Because installation is manual (no automatic arbitrary URL downloads), install risk is moderate but typical for SDK-based skills. Verify the npm package publishers before installation.
!
Credentials
The code and SKILL.md require Alibaba Cloud credentials (access key ID/secret and optional region). The skill metadata, however, lists no required env vars or primary credential. This omission is significant: users may not realize they must provide cloud credentials, and the skill will read the credential provider chain at runtime. Also note the script reads DOCMIND_FILE_URL and will POST/GET network resources and write output files — those behaviors are proportional to the purpose but users should be explicit about what credentials and files they supply.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not declare elevated platform privileges, and does not modify other skills' configurations. It only writes artifacts to its own output directory as instructed in SKILL.md, which is expected for evidence and result storage.
What to consider before installing
This skill appears to be a DocMind client, but the package metadata is incomplete and some instructions are inconsistent. Before installing or running it: - Do not provide long-lived root Alibaba credentials blindly. Use least-privilege keys or temporary STS tokens. - Expect the code to read credentials from the environment or the SDK credential chain (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional ALICLOUD_REGION_ID). The registry metadata should be updated to declare these — treat the current omission as a packaging bug. - Review the npm packages (@alicloud/docmind-api20220711, @alicloud/credentials, @alicloud/tea-util) on the npm registry to confirm publisher authenticity. - Note the quickstart script hardcodes the cn-hangzhou endpoint even though SKILL.md suggests using regionId; confirm endpoint behavior if you need another region. - The script will upload or request files by URL and write results to local output/ directories. Do not submit sensitive documents to publicly-hosted URLs unless you intend to make them public. - Because SKILL.md contains an unrelated Python validation step, inspect the repository locally and run the code in an isolated environment (or review the code) before supplying credentials or production data. If the author fixes the metadata to declare required env vars and removes the irrelevant validation step (or documents it), confidence in the package would increase.

Like a lobster shell, security has layers — review code before you run it.

latestvk972w1srajg6mambwd6efj5dc582qktm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments