Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Universal Doc Processor

v2.0.0

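Universal document-processing Skill - intelligent document analysis and modification with support for all formats, no size limit, and batch processing. Provides file staging and on-demand execution, and follows a state-management mechanism. Trigger scenarios: - After the user uploads a file in any format, wait for the user's explicit task instruction - The user needs document analysis, modification, summarization, extraction, translation, or similar operations - The user needs to supply key information before the task can be executed Core rules: - On receiving a file, only...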

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the implementation: the SKILL.md and scripts/processor.py implement multi-format parsing, state management, and ask for user instructions before processing. The parsing routines (PDF, Word, Excel, PPT, text, CSV, JSON, binary fallback) align with the described capabilities.
Instruction Scope
SKILL.md confines behavior to: receive files, store metadata, wait for user task, ask follow-up questions, and then execute. The code follows that flow. However, SKILL.md claims automatic cleanup after 72 hours but the provided code is truncated and I did not find an explicit cleanup/garbage-collection implementation in the visible code — so retention semantics are asserted but not proven. Also, the code will open arbitrary filesystem paths provided in file_list, which is required for file-processing but expands the attack surface if untrusted paths are passed into the skill.
Install Mechanism
No install spec (instruction-only + a local script) — this reduces supply-chain risk. The code conditionally imports third-party libraries (PyPDF2, python-docx, pandas/openpyxl, python-pptx). Those dependencies are not declared/installed by the skill; runtime will fall back to binary previews if libs are missing. This is coherent but means behavior will vary by environment; it does not pull remote code itself.
Credentials
The skill requests no environment variables or credentials. That is proportional to a document-processing skill. Note: it still reads files from file paths supplied to it (open/read), so the real risk depends on how the hosting environment supplies those paths and whether arbitrary system paths can be injected.
Persistence & Privilege
The skill retains uploaded files in its in-memory file list and explicitly supports multi‑round tasks. SKILL.md promises 72-hour cleanup, but the visible code does not show a robust persistence/cleanup mechanism. Retaining user documents increases privacy risk — consider whether files are stored encrypted, on-disk, or only in memory, and who can access them.
What to consider before installing
This skill appears to do what it says (multi-format parsing, state-managed "wait for user instruction" flow) and does not request secrets. Key things to check before installing or enabling it:
1) Confirm how your platform provides file paths to the skill — ensure untrusted inputs cannot cause it to open arbitrary system files.
2) Ask where uploaded files are stored (memory vs disk), whether they are encrypted, and whether the promised 72-hour deletion is actually implemented.
3) If you need full parsing features, ensure the necessary Python packages (PyPDF2, python-docx, pandas/openpyxl, python-pptx, chardet) are present or accept that fallback behavior will be a binary preview.
4) Test with non-sensitive files first to verify behavior and output.
5) If you require stricter guarantees, request adding explicit sandboxing, strict path validation (only allow skill-provided upload directories), and a clearly implemented cleanup routine.
If you cannot get those assurances, treat the skill as high privacy risk and avoid uploading sensitive documents.
