Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Contract Diff
v1.0.0
Compare contract templates with scanned stamped contracts, list all differences (additions, deletions, modifications). Output as Word document for easy downl...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious · medium confidence
Purpose & Capability
Name/description ask for template vs scanned-contract comparison with OCR and a Word report; the included scripts use python-docx, PyMuPDF, Pillow, pytesseract and difflib which are exactly the tools you would expect for this task.
Instruction Scope
SKILL.md stays on-purpose (text extraction, OCR, diff, highlighted images, Word report). However, there are inconsistencies: list_files.py contains a hard-coded absolute path (C:\Users\yangy\.openclaw\workspace\contract-diff\input) and performs shutil.copy to 'template.docx'/'scanned.pdf' (which can overwrite files). SKILL.md states '脱敏处理: 敏感信息用 *** 代替' (redaction: sensitive information is replaced with ***), but I found no implementation of systematic redaction in the scripts; reports in the output folder contain full contract text. Also, the scripts run pip installs at runtime (see Install Mechanism), which expands the runtime scope beyond what SKILL.md describes.
Install Mechanism
No formal install spec is provided, but compare.py includes a try_import helper that calls os.system('pip install <pkg> -q') to install missing Python packages at runtime. That means installing packages from PyPI when the script runs (network activity, arbitrary package install side-effects). This is riskier than an instruction-only skill that expects preinstalled dependencies. The script does not download code from arbitrary URLs, but auto-installing packages without user confirmation is a notable concern.
Credentials
The skill declares no required environment variables or credentials, which is proportional. It does attempt to set pytesseract.pytesseract.tesseract_cmd to a Windows path if present (TESSERACT_PATH = 'C:\Program Files\Tesseract-OCR\tesseract.exe') — that is reasonable but platform-specific. It also requires a system-level Tesseract binary (documented in SKILL.md). No secrets or unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It does write/copy files in an 'input' directory (and could overwrite files via shutil.copy in list_files.py). It does not modify other skills or system-wide configurations. Running the scripts will modify local files (create report.docx, highlighted images, and the script's own copied files).
What to consider before installing
The skill appears to implement the advertised functionality (OCR + diff + Word report) but has several things you should consider before running it:
- Inspect and/or remove list_files.py or any hard-coded paths. list_files.py references an absolute Windows path (C:\Users\yangy\...) and copies files: it can overwrite files if run in your environment.
- The compare script will attempt to auto-install Python packages using pip (os.system('pip install ...')). If you run it, it will perform network installs from PyPI. Run in a controlled environment (virtualenv/container) or manually install the listed dependencies instead.
- SKILL.md claims sensitive-data redaction ("脱敏处理", i.e. replacing sensitive information with ***), but the included scripts do not perform automated redaction; reports in the package include full contract text. Do not use this on real sensitive contracts until you confirm or implement redaction.
- The scripts require the Tesseract OCR binary; install it from an official source and verify PATH configuration.
- Because the skill writes files and can install packages, run it in a sandbox or isolated environment and back up any data you care about first.
If you want to proceed safely: review and clean the code (remove or fix list_files.py), pre-install dependencies in an isolated venv, validate that reports redact sensitive fields if needed, and test on non-sensitive sample documents. If you want me to, I can point to exact lines to change or remove, or produce a safer invocation plan (commands to run in a virtualenv).
Like a lobster shell, security has layers — review code before you run it.
latest · vk971wh8s3cr95a3amg2v4dbfxd849mak
