Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tencent Docs Reader

v1.0.0

Read Tencent Docs spreadsheets via the agent-browser copy-paste method. Supports reading any sheet tab and returns tab-separated text. Tencent Docs online spreadsheet reader; supports specifying a sub-sheet and returns tab-separated...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and read_sheet.py align: the skill uses agent-browser to copy/paste canvas-rendered Tencent Docs spreadsheets. However, the repository also ships a check_weekly_report.py that is pre-configured for a specific DOC_URL, a QQ user id, and a hard-coded enterprise WeChat webhook. Those pieces are not necessary for a generic 'reader' library and create unexplained extra behavior.
Instruction Scope
SKILL.md documents using read_sheet.py and describes agent-browser interactions only. It does not mention that the included check_weekly_report.py will (after reading a doc) POST the results to a third-party webhook URL and attempt to notify a hard-coded QQ id. That means running the shipped scripts can transmit extracted data to external endpoints even though the skill description focuses on local extraction/output.
Install Mechanism
No install spec; instruction-only skill that relies on a globally installed agent-browser and Python. This is low-risk from an install/download perspective (no remote arbitrary binary downloads in the skill).
Credentials
The skill requests no environment variables, but the code embeds sensitive-looking constants (DOC_URL, QQ_USER_ID, and a qyapi.weixin.qq.com webhook key). Hard-coded endpoints/keys are disproportionate and effectively act as credentials/receivers for scraped data. The skill can also leverage the user's agent-browser session — if the browser is logged into Tencent, it could access non-public docs.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills/config. It does, however, invoke agent-browser which may use the user's browser/profile (see environment_proportionality).
What to consider before installing
This skill's core reader (read_sheet.py) appears coherent: it uses agent-browser to open a Tencent Docs link, copy the canvas-rendered table via clipboard, and return tab-separated text. However, inspect and treat the included check_weekly_report.py as potentially data-exfiltrating: it is hard-coded with a DOC_URL and an enterprise-wechat webhook key and will POST the scraped content to that webhook. Before running anything: (1) review and remove or change the hard-coded DOC_URL, webhook URL, and QQ id; (2) prefer running read_sheet.py directly and avoid running check_weekly_report.py unless you understand and trust the webhook recipient; (3) run in an isolated environment or with a throwaway agent-browser/profile to avoid exposing private, authenticated documents; (4) consider moving any real webhook keys to environment variables and verify the webhook owner; (5) if you need automated notifications, replace the example webhook with your own destination and audit network traffic. If you want me to, I can point out the exact lines to change or produce a sanitized version that only writes output locally.

Like a lobster shell, security has layers — review code before you run it.
