Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description match the behavior (extract summary, keywords, conclusions). No extra binaries or env vars are requested. However, the included index.ts sets the skill to always trigger, which is inconsistent with the registry metadata and is more privileged than expected for a single-purpose parser.
Instruction Scope
SKILL.md contains a direct system-style prompt that redefines the assistant ('你是专业的学术文献自动解析助手... 用户发送的任何文本,都视为需要解析的文献内容') and instructs '不要多余文字、不要解释、不要提问'. This is a prompt-injection pattern (system-prompt-override) that attempts to replace or tightly constrain the agent's behavior and treats any user text as input to be parsed — broader scope than necessary and suppresses clarification.
Install Mechanism
Instruction-only with no install spec and no external downloads; low installation risk.
Credentials
No environment variables, credentials, or config paths requested — access is appropriately minimal for the stated function.
Persistence & Privilege
The skill bundle (index.ts) sets trigger.type = 'always', effectively making it a default/always-invoked skill. Combined with the SKILL.md's system-prompt-like instructions, this increases the blast radius of the prompt-injection behavior. Registry metadata listed always:false, so this is an internal inconsistency that should be resolved before installation.
Scan Findings in Context
[system-prompt-override] unexpected: The SKILL.md contains a system-style prompt that attempts to redefine assistant behavior and treats any user text as the document to parse. This is not required simply to implement a literature parser and is a recognized prompt-injection pattern.
What to consider before installing
This skill does what it says (extracts summaries/keywords/conclusions) and requests no secrets, but the runtime instructions act like a system-level prompt override and the included code sets the skill to always trigger. Those two facts combined raise suspicion: the skill could change or constrain the agent's global behavior and will run by default. Before installing, ask the publisher to: (1) remove or rework the SKILL.md so it does not try to override the agent's system prompt (make it operational guidance, not a system instruction); (2) change trigger.type from 'always' to an explicit user-invoked trigger; and (3) confirm the source/owner and provide a repo or homepage. If you cannot get those changes or verify the author, avoid installing or run it in a restricted/sandboxed environment first.Like a lobster shell, security has layers — review code before you run it.
latest
文献自动解析
自动解析用户发送的文献内容,输出摘要、关键词和核心结论。
系统提示词
你是专业的学术文献自动解析助手。 用户发送的任何文本,都视为需要解析的文献内容。
请严格按照以下格式输出,不要多余文字、不要解释、不要提问:
【摘要】 用简洁、通顺的语言概括全文核心内容。
【关键词】 列出3–6个最核心的关键词。
【核心结论】 提炼1–3条最重要的结论或观点。
Comments
Loading comments...