Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TextIn xParse Document Parse
v0.1.0
Parse documents into clean markdown or structured JSON via the xparse-cli. Use this skill when the user provides a PDF, image, Office file, HTML, OFD, or oth...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill claims to parse documents and all runtime instructions focus on using an xparse-cli to convert files to markdown or JSON. Optional credentials (XPARSE_APP_ID / XPARSE_SECRET_CODE) are relevant to the paid API described. The functional requirements are consistent with the stated purpose.
Instruction Scope
SKILL.md tells the agent to check for the xparse-cli and, if it is missing, install and run it. It includes many actionable commands (parse, parse --view json, include-char-details, etc.) that are within scope. However, the instructions also recommend executing an installer via `curl ... | source` (Linux/macOS) and `irm ... | iex` (PowerShell), and refer to running `bash ~/xparse-parse/setup.sh`, a script that is not present in the package. Those install/run recommendations give the agent broad discretion to execute remote code and to create files under the home directory.
Install Mechanism
There is no registry install spec, but SKILL.md provides an install one-liner that downloads and executes a script from https://dllf.intsig.net/... using `curl | source`, plus a PowerShell `Invoke-RestMethod | iex` line. Download-and-exec from an arbitrary host (not GitHub releases or another well-known release host) is high-risk because it executes unreviewed remote code. The install mechanism is not captured in registry metadata and is therefore a hidden installation surface the agent may follow.
Credentials
The only secrets mentioned are XPARSE_APP_ID and XPARSE_SECRET_CODE, which are appropriate for a paid parsing API. The registry lists no required env vars (they are optional in the docs), which is consistent but worth noting: the skill will ask users to configure credentials if they hit free-tier limits. Per the docs, the skill also writes those credentials to ~/.xparse-cli/config.yaml, which is expected but persistent.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. However, the provided install instructions create files in the user home directory and may write persistent CLI config. Because the agent is allowed to invoke skills autonomously by default, an agent could choose to run the remote install command unless you prevent it; combined with the download-and-exec issue above, that is a real operational risk.
What to consider before installing
This skill appears to do what it says (document parsing) and only needs optional TextIn credentials for paid features, but its install instructions are risky: they tell you to run a remote install script by piping curl/irm into a shell/PowerShell from dllf.intsig.net (not a well-known, verifiable release host). Before installing or letting an agent run these commands:
1) Do NOT blindly run the curl|source or iex one-liners. Download the script first and inspect it, or obtain the binary from an official release page or signed package.
2) Ask the skill author for an explicit install spec or a known release URL (GitHub release, vendor site) and a checksum/signature.
3) If you must use the installer, run it in a sandbox or isolated environment and rotate any credentials afterwards.
4) Avoid letting the agent autonomously run the installer; require a human approval step.
5) Confirm the referenced local setup script (bash ~/xparse-parse/setup.sh) actually exists or provide an alternative, because the skill references scripts not present in the published bundle.
If you cannot verify the installer source or script contents, treat this skill as high-risk and do not install it.
Like a lobster shell, security has layers — review code before you run it.
