Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
clawd LiteParse
v1.0.0Use when parsing PDFs, DOCX, PPTX, XLSX, or images locally. Supports text extraction, JSON output with bounding boxes, batch processing, and page screenshots...
⭐ 0· 46·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (local parsing of PDFs, Office files, images) matches the CLI usage documented (commands like `lit parse`, screenshot and batch commands). No environment variables or system config paths are requested, which is proportionate. However, the SKILL.md recommends installing a Homebrew package called 'llamaindex-liteparse' while the registry metadata and skill name use 'clawd'/'clawd LiteParse' — a branding/name mismatch that is unexpected and should be explained.
Instruction Scope
The runtime instructions only describe using a local CLI ('lit') to parse files, generate JSON/text, screenshots, and a local config file. They instruct installing LibreOffice and ImageMagick as dependencies for document conversion and image handling — which is consistent with the tool's function. The instructions do not request reading unrelated files or exfiltrating data.
Install Mechanism
No formal install spec is declared in the skill bundle, but SKILL.md instructs users to run `brew install llamaindex-liteparse`. That Homebrew formula name is not proven to be from a trusted upstream in the skill metadata, and it conflicts with the skill's registry name/branding. Asking users to install an unverified package via Homebrew (which will download and run code) increases risk; LibreOffice/ImageMagick via Homebrew are common and expected, but the primary installer should be verified (source repo, maintainer, release artifacts).
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That is appropriate for a local parsing CLI and matches the SKILL.md, which only references an optional local config file (liteparse.config.json).
Persistence & Privilege
The skill is not always-enabled and does not request special persistence or system-wide changes. It does not declare any behavior that would alter other skills or global agent configuration. Note: the skill allows normal autonomous invocation (platform default), but that alone is not a new concern given the rest of the footprint.
What to consider before installing
This skill appears to be a local document-parsing CLI, but before installing or using it verify the installer and source. Specifically: (1) check the Homebrew formula 'llamaindex-liteparse' (run `brew info llamaindex-liteparse`) and confirm the formula's tap/repo and maintainer; prefer installing from a trusted GitHub release or a well-known tap. (2) The skill's registry name/owner ('clawd-liteparse') doesn't match the brew package name ('llamaindex-liteparse') — ask the publisher to clarify the source. (3) If you must install, inspect the package contents or verify checksums in a sandboxed environment first; avoid installing unverified binaries on sensitive machines. (4) LibreOffice and ImageMagick are expected dependencies for conversion and image handling; ensure you obtain them from official Homebrew casks or your OS package manager. If the publisher cannot point to a trustworthy source repository or release artifacts, treat the package as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk970q065m4fhd7d4hc16p1z1jx84eqdc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.