Back to skill

Security audit

一个万无一失的EPUB繁简转换技能,可以将繁体中文电子书转换为简体中文,或反向转换。

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does EPUB Chinese text conversion as described, but it includes guidance to remove DRM and auto-installs unpinned Python packages on first use.

Review before installing. Use only on EPUBs you are authorized to modify, avoid DRM-circumvention workflows, and consider preinstalling or pinning the Python dependencies in a controlled environment instead of allowing first-run pip installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 安装依赖
        pip_path = venv_path / "bin" / "pip"
        subprocess.run([str(pip_path), "install", "ebooklib", "opencc-python-reimplemented"], check=True)
        
        print("✅ 依赖安装完成")
Confidence
93% confidence
Finding
subprocess.run([str(pip_path), "install", "ebooklib", "opencc-python-reimplemented"], check=True)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The installation guide states the skill will 'automatically' create a virtual environment and install dependencies on first run, but this side effect is only briefly mentioned and not framed as a security-relevant operation requiring user awareness or consent. Auto-installing packages and writing files to the user's home directory expands the trust boundary and can expose users to supply-chain risk, unexpected persistence, or unauthorized system changes if the skill or its dependencies are compromised.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The tool's stated purpose is EPUB text conversion, but it also creates a private environment and installs packages from the network automatically. That mismatch increases risk because it introduces unnecessary code-fetching and execution capability into a file-processing utility, making the skill more dangerous than its declared function suggests.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The instructions do not clearly warn users that first execution will modify the local system by creating files and installing dependencies. While this is common behavior for developer tooling, omitting a prominent warning reduces informed consent and may lead users to run the skill in sensitive environments where network/package installation is inappropriate.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly advertises automatic dependency installation and EPUB file generation/modification, but does not clearly warn users that the skill will create a virtual environment, install packages, and write new files. In an agent skill context, undisclosed environment changes and file writes reduce informed consent and can surprise users, increasing the risk of unintended system modification or trust abuse even if the documented behavior appears functional rather than overtly malicious.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill documentation states that the script will auto-install dependencies and create a virtual environment under the user's home directory, but it does not clearly warn the user up front that executing the skill modifies the local environment and performs network/package installation. This is dangerous because users may run it expecting a pure file conversion task, while it actually persists files under ~/.openclaw and pulls third-party packages, which can violate least surprise, enterprise policy, or restricted execution environments.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase "EPUB转换" is overly broad for a skill that appears intended only for Chinese script conversion within EPUB files. In an agentic environment, this can cause the skill to activate on unrelated EPUB conversion requests, leading to incorrect tool selection, unintended file processing, or execution of code paths the user did not request.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The condition that the skill auto-triggers when a user uploads an EPUB file and asks about conversion is ambiguous because it does not constrain the requested conversion type. This can cause the skill to run on any EPUB transformation request, increasing the risk of unintended processing, user surprise, and unsafe autonomous dependency installation or file handling outside the skill's intended scope.

Ssd 2

Medium
Confidence
95% confidence
Finding
The text states that DRM-protected files cannot be converted and then advises users to first remove DRM with external tools such as Calibre. Even though it is brief, this materially facilitates circumvention of content protection and encourages potentially unlawful handling of protected ebooks; in the context of a file-conversion skill, this makes misuse more plausible.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.