智能文档处理助手

What to consider before installing: - Documentation mismatch: SKILL.md shows separate scripts (summarize.mjs, translate.mjs, extract.mjs) but the package contains only scripts/process.mjs which supports actions via --action. Treat the single process.mjs as the real entrypoint; the extra examples are likely stale docs but could cause confusion. - No secret access: the code does not request or read credentials or environment secrets, and it does not call external APIs for translation (translation is a placeholder). Still, inspect any later updates that add network or API calls before sending sensitive documents. - Local-only operation: pdftotext is invoked through child_process.execSync to extract PDF text; this is expected but means the binary must be present on the host. Run the tool on non-sensitive sample documents first. - Safety steps: review scripts/process.mjs locally (already provided), run in an isolated environment (container or VM), and search the repo for any network calls or hidden endpoints before processing confidential files. If translation features are important, verify which translation API the skill integrates with (if any) and ensure you consent to any external data transmission. Overall: the implementation appears coherent with its stated purpose, but the documentation inconsistencies justify caution (test in a sandbox and review code) before using on sensitive data.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.