Office Hub

The skill's core scripts match an Office automation purpose, but its scheduler/autonomy features (searching other skills, auto-merging, registering cron jobs that announce to a hardcoded Feishu user, and hardcoded user-paths) reach beyond what the description justifies and risk unintended data exposure or unwanted notifications.

What to check before installing: - Do not run the scheduler or setup.sh until you review the code. The scripts for PDF/Excel/Word are straightforward and match the description, but scheduler.py contains autonomous behaviors that may read other skills and register cron jobs that send announcements to a hardcoded Feishu user ID. - Remove or sandbox scheduler.py if you only want document utilities. If you want scheduled/autonomous behavior, require explicit consent and change the hardcoded Feishu recipient and SKILL_DIR path. - Confirm you trust the author (no homepage provided). The presence of the developer's home path (/Users/lrs/...) and fixed recipient ID are privacy/red-flag signals. - Search SKILL.md for non-printing/control Unicode characters and remove them; they can be used for prompt-injection-like attacks. - If you will run cron registration, inspect/understand the exact 'openclaw'/'clawhub' commands and ensure the platform account used by those CLIs is appropriate and authorized to post to the specified Feishu channel. - Prefer running the scripts in an isolated environment/VM or container, and review evolution_log.json/scheduler_tasks.json for what the skill records. If unsure, ask the publisher for a source repository and an explanation of the auto-merge behavior and Feishu targets before installing.