UAP Release Analyzer

Pass

Audited by VirusTotal on May 9, 2026.

Overview

Type: OpenClaw Skill
Name: uap-release-analyzer
Version: 1.0.1

The uap-release-analyzer skill is a legitimate toolset designed for processing and analyzing declassified document tranches, such as FOIA releases. It consists of a well-structured pipeline of Python scripts (inventory.py, extract_text.py, analyze.py, build_report.py) that use standard libraries like pdfplumber and pypdf to extract metadata and text, perform keyword-based entity analysis, and generate a comprehensive markdown report. The bundle includes detailed documentation and references for handling specific data sources (e.g., war.gov) and classification markers. No evidence of malicious behavior, data exfiltration, or harmful prompt injection was found; all code and instructions are strictly aligned with the stated purpose of document analysis.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can read PDFs/images in the chosen folder and create output files there.

Why it was flagged

The skill explicitly tells the agent to execute bundled Python scripts on a user-provided path. This is central to the skill's document-analysis purpose, but users should understand that code will run locally.

Skill content

When the user just says "analyze the release at `<path>`", run all four in sequence with that path.

Recommendation

Run it only on folders you intend to analyze, preferably in a normal user account or sandbox rather than with elevated privileges.

What this means

A future dependency version could behave differently from the author's tested environment.

Why it was flagged

The Python dependencies are installed from the package ecosystem without version pins. This is common and purpose-aligned, but less reproducible and more supply-chain-sensitive than pinned installs.

Skill content

python3 -m pip install pdfplumber pypdf

Recommendation

Use a virtual environment and consider pinning known-good versions of pdfplumber and pypdf before repeated or sensitive use.

What this means

If the input folder contains sensitive or private documents, extracted text and summaries may remain on disk and could be included in backups or cloud sync.

Why it was flagged

The workflow persists extracted document text, analytics, and summaries under the release directory. This is expected for the purpose, but it can create additional local copies of document contents.

Skill content

text/                       # extracted text per PDF (created)
analytics/                  # aggregated outputs (created)
REPORT.md                   # human-readable analytic writeup (created)

Recommendation

Use the skill on intended declassified/public folders, avoid shared or synced locations for sensitive material, and delete generated text/analytics files when no longer needed.

What this means

If used, the agent may interact with an external government website and download files into the user's workspace.

Why it was flagged

The reference material documents optional browser or shell-based scraping/download workflows for war.gov. It is disclosed and related to obtaining public release files, but it expands the workflow beyond purely local analysis.

Skill content

If you need shell `curl`/`wget`, ask the user to allowlist `www.war.gov`. Otherwise drive everything through the browser MCP and save via `<a download>`.

Recommendation

Only allow network/browser scraping when you explicitly want the agent to fetch those public files, and review the target domain and destination folder first.