Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Doc Structurer
v1.0.0파싱된 문서 텍스트를 분석하여 문서 유형을 자동 분류하고, 핵심 정보를 구조화된 데이터(JSON)로 변환하는 스킬. doc-parser 결과를 받아 후속 처리하는 파이프라인 스킬.
⭐ 0· 19·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description describe document classification and JSON structuring; required binary is only python3; the included script and SKILL.md focus on reading parsed_results.json and producing structured JSON for downstream syncs, which is proportionate to the stated purpose.
Instruction Scope
Runtime instructions and system-prompt.md tell the agent to immediately run doc_structurer.py on a provided path and to use LLM assistance when confidence is low. This is functionally consistent, but the pre-scan flagged a 'system-prompt-override' pattern: the skill ships its own system/chat prompts (system-prompt.md, chatgpt-prompt.md) which can influence model behavior. That capability is normal for a skill but can be abused to change agent decision-making, so inspect prompt files and be cautious about autonomous invocation.
Install Mechanism
No install spec — instruction-only with a Python script. Nothing is downloaded or written by an installer; risk from installation mechanism is low.
Credentials
The skill requests no environment variables, no external credentials, and no config paths. That aligns with a local parsing/structuring tool.
Persistence & Privilege
always is false, model invocation is allowed (the platform default). The skill does not request permanent presence or system-level config changes in the manifest.
Scan Findings in Context
[system-prompt-override] unexpected: The skill includes system-prompt.md and chatgpt-prompt.md which set agent/system instructions. Including prompt files for a skill is common, but the pattern was flagged because such prompts can override or steer the agent. Review these prompt contents to ensure they don't instruct the agent to exfiltrate data, ignore user constraints, or perform unrelated actions.
What to consider before installing
This skill appears to do what it claims (parse parsed_results.json and produce structured JSON), but it ships its own system/chat prompts which can influence the agent's behavior. Before installing or running it, (1) review the full doc_structurer.py for any network calls (requests, urllib, socket), subprocess/exec usage, or obfuscated code; (2) read system-prompt.md and chatgpt-prompt.md to ensure they don't contain instructions that could cause data exfiltration or override safety constraints; (3) run the script in an isolated/sandbox environment on non-sensitive sample data to observe behavior; (4) avoid granting autonomous execution privileges until you trust the author or have sanitized the prompts and code. If you want, I can scan the full doc_structurer.py (untruncated) for network or execution patterns and list exact lines of concern.system-prompt.md:1
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk973rxmy78s0v9hq14zzrjrdqs84aza7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🏗️ Clawdis
Binspython3