Use when the user wants to review material forms for data sharing catalogs, field completeness, platform consistency, and issue-list output. Triggers include 「材料审核」「共享清单审核」「检查文档审查」「平台对接核对」「编目一致性检查」.

Pass

Audited by ClawScan on May 1, 2026.

Overview

This looks like a legitimate local document-review helper, but keep its outputs private and verify the publisher because it handles sensitive database details.

Before using this skill, verify the publisher because the embedded metadata differs from the registry entry. Use it only on materials you are authorized to review, be cautious with documents containing database credentials or internal platform details, and keep generated JSON/Markdown outputs private or redact them before sharing.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

It may be harder to confirm that the package and registry entry come from the same intended publisher.

Why it was flagged

The embedded package identity differs from the supplied registry metadata for owner, slug, and version, creating a provenance inconsistency to verify.

Skill content

"ownerId": "kn78kes2876m76pm0wzjtcw2t982azrw", "slug": "nini-material-review", "version": "0.1.0"

Recommendation

Confirm the publisher/source before using this skill on sensitive documents, and reconcile the registry and embedded metadata.

What this means

Running the script processes local documents and creates local output files.

Why it was flagged

The skill tells the user how to run a local Python audit script. This is disclosed and central to the stated purpose, but it is still local code execution.

Skill content

python material-review/scripts/material_review_audit.py --submission "待审核材料.docx" ... --output-dir "material-review/output"

Recommendation

Run the script only from a trusted copy of the skill and only on documents you are authorized to review.

What this means

Anyone who can view the submitted document or derived outputs may see database connection details or credential-like information.

Why it was flagged

The parser is designed to recognize database connection/account/password-related fields from submitted materials. That is relevant to the review purpose, but the data is sensitive.

Skill content

"database_ip": ["连接IP", "数据库IP"], ... "readonly_account": ["只读账号"], "database_password_note": ["密码"]

Recommendation

Avoid including real passwords where possible, use only authorized materials, and redact sensitive fields before sharing outputs.

What this means

Sensitive catalog, contact, or database details may remain in the output directory after the review.

Why it was flagged

The skill writes structured extracted data and reports to local files, which may preserve sensitive contents from the reviewed materials.

Skill content

Output files: ... structured_data.json: structured submission data ... issues.json ... audit_report.md

Recommendation

Store outputs in a protected location, avoid synced/shared folders unless intended, and delete or redact files after use.