ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

crs-report-generator

v1.0.0

从银行/券商PDF流水自动提取信息,生成美化的CRS金融账户信息申报表。支持PDF解析、数据提取、表格生成。

1· 304·0 current·0 all-time
by@masterbenc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The script implements PDF text extraction (via pdfplumber) and Excel generation (openpyxl), which aligns with the skill description. Minor inconsistencies: SKILL.md lists BeautifulSoup in the tech stack but the included script does not import or use it, and the SKILL.md claims an automatic '信息脱敏' (data masking) feature while the script provides only placeholder defaults and does not perform explicit redaction logic.
Instruction Scope
SKILL.md instructs users to upload text-based PDFs and describes extraction and table generation; the script follows that flow and only reads the provided PDF and writes an XLSX. It does not reference unrelated system files or environment variables. The only scope concern is the claimed automatic desensitization: the runtime code does not contain explicit masking/sanitization routines beyond using placeholder defaults when fields are missing.
Install Mechanism
No install spec is provided (instruction-only skill) and the included script relies on common Python libraries. This is low-risk from an installation perspective; nothing is downloaded or executed automatically by an installer.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not attempt to read secrets or external configs, which is proportionate to its stated functionality.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills or system-wide settings. It runs locally against user-supplied PDFs and writes output files only.
Assessment
This skill appears to do what it says: extract text from text-based PDFs and produce a beautified Excel CRS report. Before installing/using it, consider: - Run it offline or in an isolated environment when processing real customer PII because PDFs contain sensitive data. - Ensure your PDFs are text (not scanned images); the script uses pdfplumber and will not OCR images. - Verify the claimed '脱敏' behavior on sample data — the code does not implement clear automatic redaction, so you should manually inspect outputs before sharing. - Install and audit dependencies locally (pip install pdfplumber openpyxl) and review the script if you need guarantees about data handling (no network calls are present in the code). - Test with non-sensitive example files first and confirm output meets regulatory/compliance needs; final submissions should be reviewed by a qualified professional as the SKILL.md itself advises.

Like a lobster shell, security has layers — review code before you run it.

latestvk977na4gck9mr29jxq4akfagah82529q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments