Skill v1.0.4

ClawScan security

文档内容总结 Summary & Analysis txt/docx/pdf/xlsx/xls · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 4, 2026, 9:58 PM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions align with its stated purpose (extract local document text for downstream LLM summarization); there are no hidden network endpoints or unrelated credential requests, but it auto-installs Python packages at runtime which has predictable risks you should understand.
Guidance
This skill appears to do what it claims: extract file text and let OpenClaw LLM summarize it. Before installing/using it:
1) Do not feed sensitive or confidential documents (SKILL.md already warns that extracted content goes to the LLM).
2) Run it in a controlled Python environment (virtualenv/container) because the script auto-installs packages from PyPI at runtime; installation scripts can execute code and will modify the environment.
3) Review the few package names it installs (python-docx, pypdf, openpyxl, xlrd==1.2.0) and consider installing them yourself ahead of time to avoid automatic runtime installs.
4) If you need stricter privacy, inspect OpenClaw's export/telemetry policy to confirm where stdout is sent, or run the script locally and keep summaries offline.
5) If you want additional assurance, run the script on non-sensitive sample files first and inspect network activity during pip installs.

Review Dimensions

Purpose & Capability
ok: The name/description, SKILL.md, and file2sum.py all describe the same capability: extract text from local txt/docx/pdf/xlsx/xls files and hand the text to the OpenClaw LLM for summary/analysis. Required capabilities and files are proportional to that purpose.
Instruction Scope
ok: Runtime instructions and the script only read a single user-specified local file path and print its text (or an error starting with ❌). The SKILL.md explicitly warns that extracted content is sent to the OpenClaw LLM; the code itself does not contact external endpoints. The instructions do not request unrelated files, credentials, or system configuration.
Install Mechanism
note: There is no packaged install spec, but the script will auto-install required Python packages at runtime using pip (subprocess.check_call). This pulls packages from PyPI over the network and runs their install-time code; while expected for a Python-based document reader, it is a moderate operational risk (modifies the environment, requires network access, and allows arbitrary code execution during package installation).
Credentials
ok: The skill declares no environment variables, no credentials, and no config paths. The script only requires a Python runtime and will install standard parsing libs (python-docx, pypdf, openpyxl, xlrd==1.2.0). These requirements are proportionate to the stated purpose.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and does not write persistent system-wide configuration. It only prints extracted content for the host agent to consume.