Skill v1.0.2
ClawScan security
Automation Master · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 26, 2026, 11:07 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The code and documentation broadly match the skill's stated "Windows office automation" purpose, but the source code contains at least one unexpected hard-coded network printer endpoint (\\10.92.30.89) and performs system-level printer/process operations that warrant review before installing.
- Guidance
- This skill largely does what its description says (Windows-only office automation), but review and take precautions before installing:
  - Inspect and remove or parameterize the hard-coded network printer IP (\\10.92.30.89). As written, print jobs may be routed to that host without explicit user consent, which can leak sensitive documents.
  - Be aware the code manipulates global system state: it kills LibreOffice processes, enumerates and deletes printer jobs, and uses COM automation to open/print Office files. Run it only on a dedicated Windows test machine or sandbox first.
  - If you need printing features, require an explicit printer parameter or allow configuration via trusted settings (not a baked-in IP). Confirm where print jobs are sent during testing.
  - Audit the omitted/truncated files for any other hard-coded endpoints, network calls, or data-exfiltration logic before use.
  - Consider limiting the skill's access to sensitive directories and avoid running it with elevated privileges.
  If you cannot audit the full codebase, avoid installing it in production or giving it access to sensitive documents. If you want, I can search the remaining truncated files for other hard-coded endpoints, network communication, or suspicious patterns (e.g., HTTP requests, sockets, external upload logic).
Review Dimensions
- Purpose & Capability
- note: Name/description (file processing, invoice extraction, reconciliation, template generation) align with the included Python modules and services (PDF/DOCX handling, Excel processing, invoice extraction, reconciliation). Windows-only dependencies (win32print, pythoncom, taskkill) are declared in SKILL.md and used by the code.
- Instruction Scope
- concern: Runtime code performs system-level operations beyond simple file I/O: killing LibreOffice processes, enumerating and deleting printer queue jobs, initializing/uninitializing COM, and sending print jobs. Those operations are plausible for a printer/printing feature, but they manipulate global system state (printer queues, running processes) and could affect other users/processes. The code also constructs network printer addresses (see file_print_service) and will forward print jobs to a remote host if triggered.
- Install Mechanism
- ok: No install spec is provided (instruction-only in registry), and there are no download/install steps that fetch remote archives. Dependencies are Python packages listed in requirements.txt; installing them is standard. Risk here is execution of local code rather than remote fetches.
- Credentials
- concern: The skill declares no required env vars or credentials, which matches the manifest. However, the code contains a hard-coded network printer prefix/IP ('\\10.92.30.89\\' + printer_name) used as a fallback when a printer name is provided without a network path. That implicitly directs print output to a specific remote host (internal IP) and is not justified by the SKILL.md. Hard-coded network endpoints are a disproportionate and unexpected channel for data (printed documents can contain sensitive information).
- Persistence & Privilege
- ok: The skill is not forced-always, and allows normal autonomous invocation. It does not appear to modify other skills' configs or require permanent platform-level privileges. However, because it can perform system operations (taskkill, manipulating printer queues), its runtime actions have system impact; this is expected for an automation tool but should be limited to explicit user-invoked runs.
