ClawHub

document-reader

v1.0.0

通用文档读取工具,支持 PDF/DOCX/XLSX/PPTX/RTF/ODT 等多种文档格式,也支持 ZIP/TAR.GZ/RAR/7Z 等主流压缩包内文档直接读取

0· 135·0 current·0 all-time
byxiaoya@xiaoyaliu00
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (reading many document formats and archives) match the included script and declared dependencies (textract, python-docx, openpyxl, python-pptx, rarfile, py7zr, plus system tools like poppler-utils). No extraneous credentials, binaries, or unrelated capabilities are requested.
Instruction Scope
Runtime instructions are narrowly scoped to listing and reading local files and archive contents. The implementation reads archive members into temporary files under /tmp (predictable names) then processes them; this is expected but creates a minor risk (race/symlink) if run in multi-user or untrusted environments. The SKILL.md correctly documents required system and Python dependencies; it does not instruct any network calls or exfiltration.
Install Mechanism
No install spec is provided (instruction-only behavior plus an included script). There is no download-from-URL or archive extraction at install time, so no high-risk install mechanism is present. The script does depend on third-party Python packages and some system packages documented in SKILL.md.
Credentials
The skill requests no environment variables, credentials, or config paths. All required permissions are local filesystem access to the files/archives the user asks it to read, which is proportionate to the stated purpose.
Persistence & Privilege
The skill does not require persistent presence (always is false). It does not modify other skills or system-wide settings based on the provided files. Autonomous invocation is allowed by default but is not combined with other red flags.
Assessment
This skill is coherent for reading local documents and archives, but take these precautions before installing/running: 1) Install the documented system packages (apt-get) and Python packages in an isolated environment (venv/container) and be aware apt-get requires root. 2) Avoid running against untrusted archives on multi-user systems because the script writes predictable temp files in /tmp (use a sandbox or modify the script to use tempfile to prevent symlink/race issues). 3) textract and some format handlers rely on external binaries (e.g., poppler/pdftotext, unrar) — ensure those are installed from trusted sources. 4) If you need stronger safety, review the full script locally (it contains no network calls or credential access) or adapt it to use secure temporary files (tempfile.NamedTemporaryFile) and stricter path handling before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk972mg52pq1zeg7fz6148mcgd584ecqw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments