ClawHub

text-transformer

v1.0.0

调用 Python 脚本处理文本(当前支持:转换为大写)。 / Python-powered text transformation tool.

0· 121·0 current·0 all-time
by郭祥伟@microshark2024
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the code and instructions. The included tool.py implements a simple uppercase transform and no unrelated capabilities (no cloud APIs, no extra binaries, no secrets).
Instruction Scope
SKILL.md instructs the agent to run: python {baseDir}/tool.py "<extracted text>". That's within scope for text transformation, but telling the agent to use a shell (bash or exec) to interpolate user text creates a minor risk: if the agent runs the command through a shell without proper escaping, user-provided content could lead to command injection. The script itself only reads argv[1] and prints an uppercase version (no file I/O or network calls).
Install Mechanism
No install spec; instruction-only with a small included script. Nothing is downloaded or written to disk at install time beyond the provided file, so install risk is low.
Credentials
No environment variables, credentials, or config paths are requested. The requested surface is minimal and appropriate for the described task.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent elevated privileges or modify other skills or system-wide settings.
Assessment
This skill appears low-risk and does exactly what it claims (uppercase conversion) with no network access or secrets. Before installing, confirm you trust the skill source (owner unknown) and ensure the agent executes the Python process without shell interpolation (call python directly with an argv array or properly escape user input) to avoid command-injection risks. If you plan to run this in a sensitive environment, inspect/verify tool.py's contents and run it in a restricted environment (container or sandbox).

Like a lobster shell, security has layers — review code before you run it.

latestvk97b57y2jw5f4na2agw3w6v92183j30c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments