Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lakebook To Md

v1.1.0

Converts Yuque-exported .lakebook files into a folder of Markdown + Excel files. Supports lake rich text, laketable database tables (also exported to Excel), lakesheet spreadsheets, bookmark cards, local attachment download, code blocks, placeholders for encrypted content, and more. Automatically generates a detailed conversion report.

0 · 83 · 0 current · 0 all-time
by Luhui WANG (@luhuiwang)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (convert .lakebook → Markdown + Excel, download attachments, produce report) match the files and runtime instructions. Declared dependencies and included code implement the stated features; no unexplained credentials or unrelated binaries are requested.
Instruction Scope
Runtime instructions tell the agent to run startup.py which will unpack the provided .lakebook, parse its JSON, download resources, and write files. The code downloads arbitrary URLs found in the archive using requests.get (expected for attachments) and writes to disk. Critically, unpack_lake_book_file uses tarfile.extractall() without path sanitization, allowing a crafted .lakebook to write files outside the intended output directory (path-traversal). startup.ensure_deps will also run pip install at runtime via subprocess, which is network I/O not obvious to non-technical users.
Install Mechanism
No formal install spec is provided, but scripts/startup.py auto-installs Python dependencies by calling pip (subprocess.check_call with requirements.txt). This fetches packages from PyPI at runtime; while packages are common and expected, automatic network installs increase risk and side-effects compared with explicit, user-run installation.
Credentials
The skill requests no environment variables or credentials (good). It does require filesystem write/read access to the provided .lakebook and output folder (expected). Be aware that downloaded resources will make outbound network requests to URLs embedded in the archive (IP exposure, logging by remote hosts).
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not attempt to modify other skills or global agent configuration. Its runtime behavior is limited to the process that the user invokes (or the agent invoking it).
What to consider before installing
This skill appears to do what it says (convert .lakebook → Markdown/Excel and download attachments), but take precautions before running:
1) Only run on .lakebook files from trusted sources — the code uses tarfile.extractall() without sanitizing archive paths, so a malicious archive could overwrite files outside the output folder.
2) Run the conversion in an isolated environment (container/VM) or with limited filesystem permissions to limit potential damage.
3) Be aware startup.py will automatically pip install dependencies (network fetch from PyPI) — if you prefer control, install dependencies yourself before running.
4) Downloaded attachments are fetched from URLs embedded in the archive; these external requests can reveal your IP and be logged by third parties.
5) If you care about the extraction vulnerability, inspect/modify lake_reader.unpack_lake_book_file to safely validate TarInfo names (or use a known-safe extraction helper) before running.
If you want, I can point to a safe tar extraction snippet or help produce a patched version of unpack_lake_book_file that rejects absolute paths and path traversal entries.


latest: vk97fab2s5rb4m8tzj1c5258xzd83wskz
