ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

software-copyright

v1.0.0

用于生成软件著作权申请相关文档的工具。当用户需要填写软件著作权登记表、生成软件说明书、创建技术文档、准备软著申请材料时使用。支持中国软件著作权登记所需的各类文档模板和信息收集。

1· 52·0 current·0 all-time
by@grancy-zgs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included files: SKILL.md, templates, reference docs, and a Python script that generates application forms, manuals, and a technical-doc checklist. The requested inputs (software metadata, excerpts of source code) are appropriate and proportionate for producing soft著 materials.
Instruction Scope
SKILL.md confines actions to collecting user-provided software information and producing documents; it does not instruct reading system files, accessing networks, or using unrelated credentials. Note: the guidance to remove comments and empty lines from submitted source before formatting is unusual but aligns with the referenced submission rules; users should avoid sending secrets or private keys in source excerpts.
Install Mechanism
There is no declared install spec, but scripts/generate_docs.py will attempt to install python-docx at runtime via os.system('pip install python-docx') if the package is missing. This is a moderate operational concern (runtime package installation) but not unexpected for an instruction-only skill that produces .docx files. No external downloads or obscure URLs are used.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not read environment secrets or request unrelated tokens. The inputs it needs (software metadata and source excerpts) are appropriate for its purpose.
Persistence & Privilege
Skill is not marked always:true, does not request persistent system-wide configuration, and contains no autonomous privilege-escalating behaviors. It only writes generated documents to an output directory supplied at runtime.
Assessment
This skill appears to do what it says: generate soft著 application forms, manuals, and a source-code checklist. Before using it: (1) Do not submit full confidential source code or secrets — only provide the minimal code excerpts required for registration (front/back pages), and redact any sensitive data or keys. (2) Expect the script to call pip to install python-docx if it's not present — run in a controlled Python environment or virtualenv if you prefer. (3) Review generated legal/technical statements for accuracy (the skill helps draft documents but is not a legal advisor). (4) If you need offline use, run the included scripts locally rather than pasting code into a web UI. Overall the package is coherent and proportionate to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk975thxhq553c0qd857dmr6ez984d33k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments