v1.0.0

only for test

Benign
ClawScan verdict for this skill. Analyzed May 3, 2026, 1:58 AM.

Analysis

This is a coherent document-to-Markdown extraction skill, with normal cautions because it can install Python packages, write temporary OCR files, and use an MCP OCR service for images or scanned PDFs.

Guidance: This skill appears safe for ordinary document extraction. Before installing, be aware that it may install Python libraries and that OCR for images or scanned PDFs depends on an MCP OCR service; do not use that OCR path for sensitive documents unless you trust the service.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Read, Grep, Glob, Write, Bash, mcp__zai-mcp-server__extract_text_from_screenshot

The skill exposes Bash and Write even though it is described as read-only extraction. The documented uses are purpose-aligned, but these tools can affect the local environment if used beyond the stated workflow.

User impact: A mistaken or overly broad invocation could install packages or create files, even though the source documents are not supposed to be modified.
Recommendation: Use it only on document paths you choose, and keep Bash/Write actions limited to the documented dependency install and temporary OCR processing.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
pip install python-docx openpyxl pymupdf

The skill instructs installing third-party Python packages, but the command does not pin exact versions and there is no install spec in the supplied artifacts.

User impact: The skill may add external packages to the Python environment before use.
Recommendation: Install in a trusted or isolated environment and consider pinning/reviewing package versions if handling important documents.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
MCP OCR must be used ... mcp__zai-mcp-server__extract_text_from_screenshot ... image_source: image path or URL

For images and scanned PDFs, the skill routes OCR through an MCP tool using a local image path or URL; the artifact does not describe that service's retention or data boundary.

User impact: Text and images from scanned or image-based documents may be processed by the MCP OCR service.
Recommendation: Avoid using OCR on confidential documents unless you trust the configured MCP OCR service and understand how it handles data.