文件总结 File Summary & Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it claims—read and summarize a user-selected local document—but users should note that it may auto-install Python packages and sends extracted document text into the agent/LLM context.

This skill looks purpose-aligned for summarizing local txt, docx, pdf, xlsx, and xls files. Before installing or using it, be aware that it may auto-install Python dependencies and that any file you ask it to summarize will be read into the agent/LLM context. Use a trusted Python environment and avoid confidential documents unless your OpenClaw/LLM setup is approved for them.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If used on a sensitive file, the file's text may be shown to the agent and used for summarization.

Why it was flagged

The script reads and outputs the contents of a supported local file path supplied as an argument. This is central to the skill's purpose, but it should remain user-directed because local documents may be sensitive.

Skill content
file_path = sys.argv[1]
...
content = read_file(file_path)
...
print(content)
Recommendation

Only use the skill on files the user explicitly wants summarized, and confirm before reading a path mentioned incidentally.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running the skill may modify the user's Python environment and fetch packages from the Python package index.

Why it was flagged

The skill can install missing Python dependencies at runtime. The packages are standard and purpose-aligned, but most are unpinned and are installed outside a declared install spec.

Skill content
subprocess.check_call([sys.executable, "-m", "pip", "install", package_name], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
Recommendation

Consider installing dependencies in a virtual environment, pinning package versions, and asking the user before automatic installation.

ASI06: Memory and Context Poisoning
Low
What this means

Sensitive document contents could be processed by the configured LLM provider or retained according to that provider's settings.

Why it was flagged

The skill feeds extracted local document text into the OpenClaw LLM for summarization. This is expected for a summarizer, but users should understand that private document text becomes model context.

Skill content
Generate summary: OpenClaw LLM summarizes the extracted text automatically
Recommendation

Avoid summarizing confidential files unless the configured OpenClaw/LLM environment is trusted for that data.