Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DaoReview

v1.0.0

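Document review and scoring tool. Triggered when the user asks to "review a document", "check a document", "score a document", "evaluate a document" or "analyze a document", or uploads a .docx/.txt/.md file for review. Analyzes the document's content and gives a score and improvement suggestions across dimensions such as structural completeness, content quality, formatting standards and logic.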


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for douglasliu/dao-review.

Install the skill "DaoReview" (douglasliu/dao-review) from ClawHub.
Skill page: https://clawhub.ai/douglasliu/dao-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dao-review

ClawHub CLI


npx clawhub@latest install dao-review
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (document auditing for .docx/.txt/.md) aligns with the SKILL.md content. However, the instructions explicitly call external binaries (pandoc, docx2txt, unzip, sed, cat) while the skill metadata lists no required binaries — a mismatch that should be clarified.
Instruction Scope
The SKILL.md instructs the agent to run shell commands that read files from arbitrary paths (e.g., pandoc "path" -t plain, unzip -p ...). That is coherent with processing uploaded documents, but it also permits reading any filesystem path the agent is given, and uses shell pipelines (sed, unzip) that could be abused if inputs/paths are not strictly constrained or sanitized. The instructions do not explicitly limit processing to user-supplied uploads or warn about path sanitization.
Install Mechanism
Instruction-only skill with no install spec — lowest install risk. Nothing is written to disk by an install step. The remaining risk is runtime (shell command execution), not installation.
Credentials
No environment variables, credentials, or config paths are requested — which is proportionate for a document-review tool.
Persistence & Privilege
The skill is not marked 'always' and does not request elevated/persistent privileges. It can be invoked by the agent (default), which is expected for skills of this type.
What to consider before installing
This skill appears to do what it says (review documents and output a scored report) but it expects to run shell tools to extract text and will read files at paths you provide. Before installing or enabling it:

1) Confirm whether your agent runtime has pandoc, docx2txt, unzip, sed, and cat available — the SKILL.md references these but the skill metadata doesn't declare them.
2) Ensure the agent is sandboxed and will only process files you explicitly upload (prevent it from being given arbitrary system paths).
3) Prefer a version that declares required binaries or provide a wrapper that sanitizes/validates file paths and filenames to avoid path-injection.
4) Avoid uploading sensitive documents (PII, secrets) until you trust the runtime environment.

If you need higher assurance, ask the publisher for source code or a manifest that declares required binaries and explains how inputs are constrained.

Like a lobster shell, security has layers — review code before you run it.

latest vk974dxj0c1a2c0w01rnsqtzzhd83x65d
87 downloads
0 stars
1 version
Updated 4w ago
v1.0.0
MIT-0

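DaoReview · Dao Ge's Document Checker

Supported formats

  • .docx: Word document (text extracted via pandoc/docx2txt/unzip)
  • .txt: plain text
  • .md: Markdown file

Workflow

Step 1: Read the file

Choose the read method according to the file type: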

# docx files
pandoc "/path/to/file.docx" -t plain 2>/dev/null || \
docx2txt "/path/to/file.docx" 2>/dev/null || \
unzip -p "/path/to/file.docx" word/document.xml | sed 's/<[^>]*>//g'

# txt files
cat "/path/to/file.txt"

# md files
cat "/path/to/file.md"

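Step 2: Review the content

Analyze the following dimensions:

| Dimension | Weight | Description |
|---|---|---|
| Structural completeness | 20% | Whether there is a clear opening, body and ending; whether the framework is complete |
| Content quality | 25% | Accuracy, depth and practical value of the information |
| Formatting standards | 15% | Tidiness of the layout; formatting residue (such as Word internal markup) |
| Logic | 20% | Clear hierarchy, coherent cause and effect, no contradictions |
| Actionability | 20% | Whether the goals are clear, whether the plan can be carried out, whether the reward mechanism is clear |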

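Step 3: Output the report

Output in the following format:

## 📋 Document Review Report: {filename}

### Overall score: **{total score} / 100**

---

### ✅ Strengths
(List 2-5 highlights)

### ⚠️ Issues to improve
(List the main issues and the reasons for deductions)

### 💡 Suggested additions
(Give specific directions for improvement)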

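Scoring reference

  • 90-100: Excellent. Complete structure, detailed content, can be executed as is
  • 75-89: Good. Clear framework, details need polishing
  • 60-74: Pass. Basic framework present, much key content missing
  • Below 60: Needs a major rewrite. Fundamental problems with structure or content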

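Notes

  • If the file path contains Chinese characters or spaces, wrap it in quotes
  • Hyperlink markers in docx files (such as HYPERLINK) are formatting residue and count toward deductions
  • If the document is an event plan, check first: goals, audience, timeline milestones, division of responsibilities, reward mechanism
  • Keep the scoring objective; state both strengths and weaknesses clearly
  • Reply in Chinese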
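
The scan's recommendation of a wrapper that validates file paths, applied to the Step 1 commands. This is an added example, not part of the DaoReview skill or of ClawHub; `UPLOAD_DIR`, `safe_doc_path` and `extract_text` are hypothetical names, and it assumes `realpath` is available on the agent host.

```bash
#!/usr/bin/env bash
# Added example: confine Step 1 text extraction to a single upload directory.
# UPLOAD_DIR and both function names are assumptions, not DaoReview's own.
UPLOAD_DIR="${UPLOAD_DIR:-/srv/agent/uploads}"

# Print the canonical path if the argument is a regular .docx/.txt/.md file
# located inside UPLOAD_DIR; otherwise print nothing and return non-zero.
safe_doc_path() {
  local input root resolved
  input=$1
  [ -n "$input" ] || return 1
  root="$(realpath -- "$UPLOAD_DIR")" || return 1
  # Canonicalise first so ../ segments and symlinks are judged by their target.
  resolved="$(realpath -- "$input" 2>/dev/null)" || return 1
  [ -f "$resolved" ] || return 1
  case "$resolved" in
    "$root"/*) ;;            # must live under the upload root
    *) return 1 ;;
  esac
  case "$resolved" in
    *.docx|*.txt|*.md) ;;    # only the formats the skill claims to support
    *) return 1 ;;
  esac
  printf '%s\n' "$resolved"
}

# Run the page's extraction commands only on a validated path. The path is
# absolute after validation, so it cannot be parsed as a command-line option.
extract_text() {
  local doc
  doc="$(safe_doc_path "$1")" || { echo "rejected: $1" >&2; return 2; }
  case "$doc" in
    *.docx)
      pandoc "$doc" -t plain 2>/dev/null ||
      docx2txt "$doc" 2>/dev/null ||
      unzip -p "$doc" word/document.xml | sed 's/<[^>]*>//g' ;;
    *) cat -- "$doc" ;;
  esac
}
```

A symlink placed in the upload directory that points elsewhere is rejected, because the containment check runs on the resolved target rather than on the supplied name.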
