SenseNova-Skills
Audited by ClawScan on May 14, 2026.
Overview
This office-skill suite is broadly aligned with its stated purpose, but it has under-disclosed runtime dependency execution and credential-handling issues that users should review before installing.
Install only if you trust the publisher and are comfortable reviewing the code first. Pay special attention to the PPT export script that can run npm, remove or verify any hardcoded API keys, configure your own scoped credentials, and run the suite in a sandbox when processing sensitive files.
Publisher note
All network access is intended skill behavior: calls to the SenseNova API (image generation, VLM, LLM via token.sensenova.cn) and to public search APIs (GitHub, arXiv, Semantic Scholar, PubMed, Hacker News, Stack Overflow, HuggingFace, Reddit, YouTube, Bilibili, Zhihu, Douyin). Env/credential reads (SN_API_KEY, GITHUB_TOKEN, YOUTUBE_API_KEY, TIKHUB_TOKEN, platform cookies, etc.) are the documented configuration inputs for those APIs. No code runs at install time; Python scripts execute only when a user explicitly invokes a skill.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the PPT export flow could cause the agent to run npm and install code on your machine, not just convert a file.
The PPT export script can invoke npm, the Node package manager, from code. Because the registry has no install spec and no required binaries, this runtime dependency installation is under-disclosed and may execute package lifecycle scripts or fetch dependencies when the skill is used.
execSync('npm install --omit=dev', { cwd: __dirname, stdio: 'inherit' });
Review the Node package files first, install dependencies explicitly in a sandbox, and avoid skills that auto-install packages at runtime unless you trust the source.
The skill may use or expose an embedded provider credential instead of only credentials you explicitly configured.
The static scan reports what appears to be a hardcoded API key in the SenseNova image-generation adapter. Provider credentials are expected for this suite, but hardcoded secrets create ambiguity about whose account is used and how that credential is protected.
api_key=[REDACTED],
Do not rely on embedded credentials; require the skill to read API keys from user-controlled environment variables or config, and rotate any exposed key.
LLM requests may be tied to an unclear credential, which can affect billing, auditability, and account authorization boundaries.
A second model adapter is reported to contain a hardcoded API-key literal. This compounds the credential-boundary issue, especially because the plugin metadata declares no credential schema.
api_key = [REDACTED]
Inspect the adapter before use, remove hardcoded keys, and configure only scoped keys that belong to the installing user or organization.
Installing from a moving branch can add or change agent behavior beyond a single small skill.
The documented manual install copies a remote repository directly into the agent skills directory. This is a normal install pattern for a skill bundle, but it means the agent will later trust and run those files.
git clone https://github.com/OpenSenseNova/SenseNova-Skills.git --depth=1
mkdir -p ~/.openclaw/skills
cp -r SenseNova-Skills/skills/* ~/.openclaw/skills/
Install from a trusted, pinned release or commit, and review the included scripts before copying them into the agent’s skills directory.
Prompts, documents, images, or extracted content used in these workflows may be sent to external APIs depending on the invoked skill.
The suite is designed to call an external model provider. This is purpose-aligned for image, PPT, and research generation, but users should understand that task content supplied to those workflows may be processed by the configured provider.
Recommended LLM: pair them with the SenseNova Platform API
Avoid sending confidential material unless your provider configuration and data-handling terms are acceptable, and use separate scoped API keys for this skill.
