文献精读小工具
PassAudited by ClawScan on May 1, 2026.
Overview
The skill’s behavior matches its stated purpose, but users should review the OCR/LLM endpoints, API key handling, dependency installation, and chosen PDF folders before use.
Before installing, use a virtual environment, review config.json endpoints and models, provide API keys via environment variables when possible, avoid remote OCR/LLM services for confidential PDFs unless approved, and pass only the specific files or folders you intend to summarize.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Text from selected PDFs may leave the local machine and be processed by the configured model provider.
The extracted PDF text is merged into a prompt and sent to the configured OpenAI-compatible LLM provider.
resp = client.chat.completions.create(... messages=[{'role': 'user', 'content': merged_prompt}],)Review config.json base_url/model/provider settings before use, and use a trusted or internal endpoint for confidential documents.
Full PDFs may be transmitted to the OCR service when OCR mode is turned on.
If PaddleOCR mode is enabled, the raw PDF file is uploaded to the configured OCR job endpoint.
requests.post(job_url, headers=headers, data=data, files={'file': f}, timeout=120)Keep use_paddleocr disabled unless needed, and only enable it with an OCR endpoint you trust for the documents being processed.
Users must provide service credentials, and storing them directly in config.json could expose them to anyone who can read that file.
The skill uses provider API keys from config.json or environment variables to authenticate OCR/LLM calls.
`api_key` 支持两种写法:在config.json中指定;环境变量引用:`${ENV_VAR}`Prefer environment-variable references, use least-privilege provider keys where available, and avoid committing config files containing keys.
The exact dependency versions installed can vary over time.
The skill depends on Python packages installed from package repositories with lower-bound version ranges rather than exact pinned versions.
openai>=1.40.0 requests>=2.31.0 pdfplumber>=0.11.0
Install in a virtual environment and consider pinning or reviewing dependency versions for sensitive environments.
Passing a broad folder could process and potentially send more PDFs to model providers than intended.
When a directory is supplied, the pipeline recursively collects all PDF files under that directory.
items.extend(sorted(Path(d).rglob('*.pdf')))Use specific PDF paths or narrowly scoped folders, especially when working with private document collections.