ClawHub

Encrypted File Reader

v1.0.0

读取本地授权访问的加密及受保护文本、Word和Excel文件内容,支持企业安全策略环境下的合法文件读取。

0· 367·3 current·3 all-time
by@endcy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim to read local (including protected) Office and text files. The shipped Python script reads text files, extracts XML from .docx and .xlsx ZIP packages, and uses only standard library modules—this matches the stated primary purpose. There are no unrelated environment variables, binaries, or services requested. The only mismatch: the description suggests handling 'encrypted/受保护' files accessible to authorized apps; the code does not implement decryption or password-unlocking of password-protected Office files and will fail on truly encrypted Office packages.
Instruction Scope
SKILL.md instructs running the included Python script on a local path, and provides examples; it does not instruct reading unrelated system files or exfiltrating data. Note: the documentation claims '自动处理特殊编码' (automatic handling of special encodings), but the implementation always decodes text files as UTF-8 only, so it may error on files in other encodings.
Install Mechanism
No install spec or remote downloads; the skill is instruction-only with a local Python script and standard-library dependencies. No network fetch or archive extraction during install—low installer risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code uses only local file I/O and standard libraries—requested access is proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. Autonomous invocation is allowed by default (disable-model-invocation is false) but that is normal; there is no evidence the skill modifies other skills or agent-wide settings.
Assessment
This skill appears to be a simple local reader that extracts text from plain files and Office .docx/.xlsx packages; it does not contact external endpoints or request secrets. Before installing or using it: (1) be aware it does NOT bypass password protection or decrypt truly encrypted Office files—password-protected/encrypted .docx/.xlsx will likely fail; (2) its text reader always decodes as UTF-8 despite claims of automatic encoding detection—files in other encodings may error; (3) because it reads arbitrary local files, avoid running it against highly sensitive data unless you trust the environment and have inspected the code (which is short and uses only standard libs); (4) if you need decryption of protected files, look for explicit support for Office encryption/passwords or official APIs rather than relying on this tool. If you want higher assurance, verify the referenced GitHub repository and run the script in a controlled environment with non-sensitive test files first.

Like a lobster shell, security has layers — review code before you run it.

docxvk97d617p0wq2rs7b24va984bws821m8cencrypted-filevk97d617p0wq2rs7b24va984bws821m8centerprisevk97d617p0wq2rs7b24va984bws821m8cfile-readervk97d617p0wq2rs7b24va984bws821m8clatestvk97d617p0wq2rs7b24va984bws821m8cofficevk97d617p0wq2rs7b24va984bws821m8cprotected-filevk97d617p0wq2rs7b24va984bws821m8cxlsxvk97d617p0wq2rs7b24va984bws821m8c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments