ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Book Processor

v1.0.0

自动化处理 EPUB 电子书,提取全文、封面、概要和框架解读,支持案例库、每日清单、5-Why 分析、思维模型速查卡、流程图和 FAQ 等多种资产生成。

0· 76·1 current·1 all-time
by@ntsnail
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (jq, python3, unzip), and the included processing script all align with extracting text and generating summaries/assets from EPUB files. No unrelated credentials, tools, or configuration paths are requested.
Instruction Scope
SKILL.md limits actions to receiving an EPUB, creating a folder under ~/workspace/books/, reading an optional process_config.json in that folder, and running scripts/process_book.sh. The script only reads files from the extracted EPUB and the per-book config, writes generated assets back into the book folder, and cleans up /tmp; it does not attempt to read or exfiltrate other system files.
Install Mechanism
The skill is instruction-only (no external download). The script will attempt to install jq via 'sudo apt-get update && sudo apt-get install -y jq' if jq is missing — this performs network package installation and requires sudo. That is not inherently malicious but is an installation action users should be aware of.
Credentials
No environment variables, credentials, or unrelated config paths are requested. All filesystem writes are confined to the book folder under ~/workspace/books/ and /tmp for extraction. No external API keys or secrets are required.
Persistence & Privilege
Skill is not marked 'always:true'. It is user-invocable and can be auto-triggered on receiving .epub as described, which is consistent with its purpose. The skill does not modify other skills or global agent configuration.
Assessment
This skill appears coherent for processing EPUB files. Before installing or enabling it: 1) review the included scripts yourself (scripts/process_book.sh) so you’re comfortable with the file writes under ~/workspace/books/ and temporary extraction under /tmp; 2) be aware the script will try to install jq via sudo apt-get if jq is missing (it requires network access and sudo privileges); 3) the skill does not request credentials or external endpoints and does not appear to exfiltrate data, but it will process any EPUB you upload — only upload files you trust; 4) if you want tighter control, disable automatic triggering and run the processing script manually; and 5) if you run in a restricted environment (no sudo, no network), pre-install required binaries (jq, python3, unzip) to avoid the script attempting package installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f3agnrsz8wkaxvwmz0ene4d83d7an

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsjq, python3, unzip

Comments