Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polito Notes

v1.2.1

Convert PDF lecture slides into comprehensive bilingual (IT+EN) markdown notes for Polito university courses. Use when the user sends a PDF and specifies a c...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (convert lecture PDFs into Italian and English markdown notes and place them in a course folder) aligns with the instructions to extract text, generate markdown, and write files under ~/Documenti/github/polito. However, the SKILL.md also references specific local components (e.g., ~/.local/share/local-rag/venv/ and ~/.openclaw/workspace/skills/lookupmark-local-rag/...) that go beyond a simple PDF-to-markdown converter and are not declared in the skill metadata (no required config paths or env vars). This is an unexplained dependence on local tooling and paths.
Instruction Scope
Instructions instruct the agent to read the user's filesystem (check/resolve ~/Documenti/github/polito folders), run pdftotext or a python fallback, create/overwrite files, and create backups. They also require 'Zero information loss' and explicitly state that PDF content will be preserved verbatim, which increases the risk of capturing sensitive or personal data. The instructions also reference running a local query script under ~/.openclaw/workspace/... for immediate search; these filesystem/behavioral expectations are broader than what the skill metadata declares and grant the agent broad discretion to read and write user files.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code — lowest install risk. The SKILL.md lists runtime dependencies (pdftotext, python3, and an optional local-rag venv), but there is no automated installer or remote download. That reduces supply-chain risk, though it does assume the user has particular tools and local paths available.
Credentials
The skill declares no required environment variables or config paths in metadata, yet the runtime instructions rely on specific local paths (~/.local/share/local-rag/venv, ~/.openclaw/workspace/skills/...) and the user's personal notes repository (~/Documenti/github/polito). This mismatch means the skill expects access to private filesystem locations without declaring them. Also, the 'Zero information loss' rule means potentially sensitive content from PDFs will be preserved and written to disk; that is a high privacy burden relative to the simple conversion task.
Persistence & Privilege
The skill is not set to always:true and does not request perpetual presence. It instructs the agent to write files into the user's notes repo and to create backups (notes.md.bak), which is consistent with its purpose. It does reference automatic pickup by a separate local-rag skill during indexing, but that is a usage note rather than an escalation of privileges within this skill.
What to consider before installing
This skill appears to do what it says (convert PDFs into bilingual markdown files), but it expects access to specific local folders and tools that the metadata doesn't declare. Before installing/using it:
1) Confirm you want the agent to read and write under ~/Documenti/github/polito (it will list folders, infer lecture numbers, create/overwrite notes and .bak files).
2) Be aware of the 'Zero information loss' rule — sensitive or personal data inside PDFs will be copied verbatim into the notes. If that is a concern, do not process sensitive documents or ask the author to redact them first.
3) The skill references local-rag and an ~/.openclaw workspace path; verify whether those paths exist and whether you want automatic indexing/search of generated notes.
4) Because this is instruction-only (no bundled code), make sure pdftotext and python3 are installed locally; test first with a non-sensitive PDF to confirm behavior.
5) If you want stronger safety: request that the skill author declare required config paths and offer an option to redact personal data or require explicit user confirmation before writing/overwriting files.
