Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Paper Management System
v2.0.2 Literature management system: an automated tool for indexing, searching and AI-summarizing PDF papers. Activates when the user needs to manage PDF literature, auto-index it, search papers, or extract metadata.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included scripts: indexing, renaming, full-text extraction, and AI summarization. However, the metadata/README/requirements advertise OpenAI/Anthropic integration while ai_summarize.py contains only local heuristic text-processing (no openai/anthropic calls). Also the package expects system tools (python3, sqlite3 CLI, md5sum) although the skill's declared required binaries list is empty — a mismatch between declared requirements and actual script assumptions.
Instruction Scope
Runtime instructions (cron or manual) run the bundled shell and Python scripts which read/write local PDFs, logs, and an SQLite DB — that's expected. But ai_summarize.py's send_notification executes a configured notification command via shell (subprocess.run(..., shell=True)) and auto_index.sh invokes the sqlite3 CLI and moves/removes files; both allow arbitrary commands if the notification command or environment is misconfigured. The SKILL.md does not sufficiently warn users that notification configuration may run arbitrary shell commands or send data externally.
Install Mechanism
There is no installer that downloads code from external URLs; this is provided as source files and a requirements.txt. Installation is the usual pip install -r requirements.txt per README. No high-risk remote downloads or extract-from-URL steps are present.
Credentials
Environment variables are limited and appropriate for a local paper manager (PAPERMGR_* dirs, DB path, PAPERMGR_AI_ENABLED, OPENAI_API_KEY optional). That said, OPENAI_API_KEY is advertised as an option but the included ai_summarize.py does not use the OpenAI/Anthropic libraries — inconsistent documentation vs code. Also the skill.json marks OPENAI_API_KEY as sensitive (expected) and network access to api.openai.com is listed as optional; requiring that key would be proportionate only if the code actually used it.
Persistence & Privilege
The skill is not always-enabled, requests no platform-level privileges, and does not modify other skills or system-wide settings. It does read/write local filesystem paths under the project (papers, downloads, data, logs) which is expected for its purpose.
What to consider before installing
This package appears to be a legitimate local PDF management tool, but review these before installing:
- Notification command risk: The notification feature executes whatever you configure as notification.cmd using a shell. Do not set this to an untrusted URL fetcher or arbitrary command; prefer 'stdout' or a vetted relay program. Treat notification.cmd as able to exfiltrate summaries if misconfigured.
- Declaration mismatches: The scripts assume common system utilities (python3, sqlite3 CLI, md5sum) though the skill metadata lists no required binaries. Ensure these are available and run the tool in a controlled environment (container/VM) first.
- OpenAI/Anthropic inconsistency: README/requirements mention OpenAI/Anthropic, but the summarizer code does not call those APIs. If you plan to enable networked AI summarization, inspect/modify code to use the provider safely and only supply an API key after review.
- Sanity checks: Inspect config.yaml or env vars before running; back up any important PDF folders and the DB; run the scripts with notification disabled initially to confirm behavior; consider running in an isolated user account or container to limit filesystem access.
If you want higher confidence, ask the publisher for a canonical repository or provenance (the skill references a GitHub URL); verify that the packaged code matches that upstream source and that any AI/networking calls are explicit and audited.
Tags: indexing, latest, papers, pdf, research