ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Document Skill

v1.0.2

Enables AI to read, parse, and extract key information from PDF, DOCX, PPT, and WPS documents for analysis and summarization.

0· 532·3 current·4 all-time
by@mskrq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name and description promise extensive document parsing and extraction features (including encrypted-doc reading, table/image extraction, repair, translation). However, the package contains no code, no required binaries, and no declared integrations or credentials. The SKILL.md even states '仅用于技能搜索展示,无执行命令' ('for skill search/display only, no execution commands'), which directly contradicts the advertised runtime capabilities.
!
Instruction Scope
The SKILL.md provides no operational instructions for reading files, invoking parsers, calling external doc-analysis APIs, or accessing uploaded documents. It does not instruct the agent to read files, use OCR, or contact any endpoint — which means it cannot actually perform the listed tasks despite claiming to trigger when users request document analysis.
Install Mechanism
There is no install spec (instruction-only skill). That minimizes delivery risk because nothing is downloaded or written to disk. This is consistent with the file manifest (only SKILL.md present).
Credentials
The skill requests no environment variables, credentials, or config paths. While that reduces credential risk, it is also inconsistent with the described capabilities (real document parsing typically needs binaries/libraries or API keys for external services).
Persistence & Privilege
Default flags (always: false, disable-model-invocation: false). The skill does not request elevated persistence or system-wide changes.
What to consider before installing
This listing appears to be a display-only placeholder rather than a working document-parsing skill. Do not expect it to actually parse or extract content from files. Before using/installing, ask the publisher for: (1) the implementation (code or service endpoints), (2) any required binaries or libraries (e.g., Tika, pdfminer, pytesseract) or cloud APIs (Google Document AI, AWS Textract) and the corresponding env vars or auth flows, and (3) a homepage or source repo and owner identity. If you need real document parsing, prefer skills that explicitly include code or an install spec, or that declare integrations and the minimum required credentials; verify those integrations are from reputable providers. If the skill's listing continues to claim capabilities without providing implementation details, treat it as non-functional and avoid relying on it for processing sensitive documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk977bprbjw094d4zq8ezxz6kc183fjgf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments