Bali Tourism Resource Parsing and Import (巴厘岛旅游资源解析入库)
Advisory
Audited by static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user points the skill at a folder containing other documents, those files could be deleted during cleanup.
The cleanup instruction deletes all non-result files in the user-provided target directory, not only files created by the skill, and does not require a preview, confirmation, backup, or quarantine.
“After the import completes, the target folder keeps only the result CSV files; everything else is deleted” ... “any leftover files that are not result CSVs” ... “clean the target directory, keep the result CSV, delete all other files”
Restrict cleanup to files created in the current run, show a deletion preview, require explicit confirmation, and move files to an archive/trash folder instead of permanently deleting them.
The agent may access or download more Google Drive documents than the user intended, especially from broad folders or My Drive links.
The Drive workflow can list files and download ambiguous documents from the provided Drive location. If the user provides a broad Drive URL, this may exceed the intended contract-only scope.
“Invoke the `google-drive` skill, pass in the Drive URL, and list all files” ... “if it cannot be determined, download everything”
Use a dedicated Drive folder containing only intended supplier contracts, require the agent to show the matched file list before download, and avoid any “download all if uncertain” fallback.
Bad input, an encoding mismatch, or an interrupted write could corrupt a production CSV used by the business.
The helper reads existing CSV rows, adds new rows, and rewrites the entire target CSV. There is no built-in backup, locking, atomic replace, or required dry-run before modifying production data.
“rows.extend(new_rows)” ... “with open(csv_path, "w", encoding="utf-8-sig", newline="") as f:” ... “writer.writerows(rows)”
Create a timestamped backup before writing, validate encodings and headers, use atomic file replacement with locking, and make dry-run plus user confirmation the default for production paths.
Installing external packages or skills introduces normal supply-chain risk.
The skill asks the user to install another skill and a Python package, but these setup steps are not pinned in an install spec. They are user-directed and aligned with the purpose.
“openclaw skills install google-drive” ... “pip install pdfplumber”
Install only from trusted sources, prefer pinned versions, and review the google-drive skill separately before granting Drive access.
If run against a shared Redis instance, other systems or agents could consume INSERT/UPDATE/DELETE resource events.
The included helper can publish resource update messages to a Redis Stream. This is not automatically invoked in the visible workflow, but it is an under-documented communication path.
“REDIS_HOST = os.environ.get("REDIS_HOST", "localhost")” ... “REDIS_STREAM = "resource_stream"” ... “r.xadd(REDIS_STREAM, message)”
Document when Redis broadcasting is used, require explicit configuration, namespace the stream, and use authentication/TLS for non-local Redis deployments.
