ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

document-parser

v1.0.0

Parse and extract content from .docx, .pdf, and .txt documents. Extracts plain text and tables for analysis. Use when the user uploads a document file or ask...

0· 85·0 current·0 all-time
by@mjk39966-glitch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included code: parse_document.py, README, and SKILL.md all describe extracting text and tables from .docx/.pdf/.txt. However, skill.yaml lists main.py as the entry point while the runtime instructions and README instruct using scripts/parse_document.py. main.py provides a much more limited parser (returns only text and status) and contains a syntax error, so the declared entry conflicts with the actual usable parser.
Instruction Scope
SKILL.md instructs running the local parse script and an included install script. The instructions stay within the stated purpose (parsing docs) and do not request unrelated files, credentials, or external endpoints. They accurately explain limitations (no OCR) and how to install required Python packages.
Install Mechanism
No external downloads or obscure install hosts. The included scripts/install_dependencies.sh runs pip to install python-docx, PyPDF2, and pdfplumber — standard public Python packages. This is low-to-moderate risk and matches the skill's needs.
Credentials
The skill requests no environment variables, no credentials, and references no config paths. All required capabilities align with parsing local document files.
Persistence & Privilege
always is false and there is no indication the skill requests permanent system presence or modifies other skills/config. Autonomous invocation is allowed by default but not combined with other concerning flags.
What to consider before installing
This skill appears to implement a legitimate document parser, but packaging issues make it risky to install and run blindly. Before using: (1) inspect main.py — it currently contains a syntax error (the if __name__ guard is malformed) and differs from parse_document.py; (2) prefer running scripts/parse_document.py (the README and SKILL.md point to it) in a sandboxed environment to confirm behavior; (3) run the install script in a virtualenv rather than system Python; (4) test with non-sensitive documents first to ensure output and that no unexpected network activity occurs; (5) if you plan to let the agent invoke the skill automatically, consider fixing or removing the broken main.py and correcting skill.yaml to point to the intended entry to avoid accidental execution of a different/broken module. If you need higher assurance, ask the publisher for a corrected package or source provenance (homepage/author contact).

Like a lobster shell, security has layers — review code before you run it.

documentvk977p09whw9633w4c2d3f5j1yx83gf5rdocxvk977p09whw9633w4c2d3f5j1yx83gf5rlatestvk977p09whw9633w4c2d3f5j1yx83gf5rparservk977p09whw9633w4c2d3f5j1yx83gf5rpdfvk977p09whw9633w4c2d3f5j1yx83gf5r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments