ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

paper-architecture-diagram

v1.0.0

自动化处理本地医学图像分割论文,提取结构解析与绘图提示,严格按步骤保存结果至指定文本文件。

0· 66·0 current·0 all-time
by@m1ss-cell

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for m1ss-cell/paper-architecture-diagram.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "paper-architecture-diagram" (m1ss-cell/paper-architecture-diagram) from ClawHub.
Skill page: https://clawhub.ai/m1ss-cell/paper-architecture-diagram
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install paper-architecture-diagram

ClawHub CLI

Package manager switcher

npx clawhub@latest install paper-architecture-diagram
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (extract diagrams/prompts from local medical papers and save to a local file) aligns with the instructions and the declared mcp capability in config.yaml. However, the SKILL.md hard-codes the local paths to /home/xie/..., which is specific to a particular user environment and not generally appropriate. Requiring Gemini (external service) and MCP browser/file-write are plausible for the stated purpose but the hard-coded path reduces portability and suggests the skill was authored for a single host.
!
Instruction Scope
Instructions explicitly demand uploading a local medical paper to Gemini via MCP browser-file-upload and prohibit outputting parsed results until the skill writes them to disk. Uploading possibly sensitive medical PDFs to an external model/service is a privacy risk. The instructions also force procedural constraints (never end unless step 7 writes file, forbid printing intermediate results) that can cause the agent to insist on writing to disk or loop until the write succeeds. The requirement to use browser-file-upload rather than other UI actions is unusually prescriptive but consistent with automated file transfer—still it increases the chance of exfiltration to an external service.
Install Mechanism
Instruction-only skill with no install steps and no additional binaries or packages declared. From an install-mechanism viewpoint this is low-risk—nothing is written to disk by an installer and there are no download URLs.
!
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, it requires access to specific local filesystem paths (/home/xie/桌面/...), which is a form of privileged local access: the skill will read a local PDF and write an output file. For medical data this is a meaningful sensitivity concern. The fixed home path is disproportionate for a general skill and may indicate it was designed for a single user's environment rather than general use.
Persistence & Privilege
The skill does not request always:true and does not modify other skills/configs. It does require using MCP to write a local file (normal for a tool that saves results). The coercive requirement 'task not complete until file written' and the ban on outputting results before write are unusual and can cause the agent to continue operating until the file write succeeds; this increases operational/risk surface (loops, repeated uploads) but is not itself an elevation of privilege.
What to consider before installing
Before installing or running this skill, consider the following: - Privacy: the skill instructs uploading a local PDF (medical imaging paper) to Gemini (an external model/service). If the paper contains sensitive patient data or confidential research, do not upload it without appropriate consent and data‑handling controls. - Hard-coded path: the skill uses /home/xie/桌面/... for both input and output. If your files are elsewhere the skill will fail or may attempt to access unrelated files. Ask the author to parameterize the base directories or confirm the intended host. - Forced behavior: the SKILL.md forbids ending the task unless the agent successfully writes the output file and forbids printing results before writing. This can cause repeated uploads, long-running loops, or unexpected file writes—test carefully with a non-sensitive dummy PDF first. - Access required: the skill needs MCP browser/file-upload and MCP file-write capabilities enabled. Review what MCP will actually do (network upload, write to your filesystem) and ensure you trust the endpoint. - If you need to proceed: run a controlled test (dummy paper) and verify exactly what data is sent to Gemini and what ends up in /home/youruser/desktop/analysis/. If the skill is intended for general distribution, ask the maintainer to remove hard-coded paths, document privacy implications, and add explicit consent and configurable paths. If you can provide more context—who operates /home/xie on the target machine, whether Gemini Pro is an approved service for your data, or whether the tool should run entirely locally—I can raise or lower the confidence and refine the advice.

Like a lobster shell, security has layers — review code before you run it.

latestvk971s1a5w2stzk0vy98hcw1hes84p0gk
66downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@m1ss-cell
latest
Download

角色与目标

你是一个严谨的自动化科研助手。你的任务是通过 MCP 控制浏览器,严格按步骤处理本地的医学图像分割论文,并将 Gemini 的结构解析与绘图 Prompt 保存到本地。

核心参数拼接 (内部使用)

  • 输入文件/home/xie/桌面/papers/{{paper_name}}.pdf
  • 输出文件/home/xie/桌面/analysis/{{paper_name}}.txt

全局强约束(🔥新增关键约束)

  1. 必须严格按步骤编号执行,禁止跳步。
  2. 每执行一步前,必须输出当前状态的判断依据。
  3. ❗任务唯一完成标志是:步骤7成功写入文件。
  4. ❗如果未执行步骤7写文件,则任务视为失败,禁止结束对话。
  5. ❗禁止在步骤6输出最终整理结果(否则视为违规结束)。

工作流程

步骤 1:进入 Gemini

  1. 使用 MCP 浏览器工具打开 Gemini 网页。
  2. 确认当前使用的是 Pro 模型(若不是,请切换)。

步骤 2:上传论文

禁止点击上传文件 一定要使用 browser-file-upload 上传文件:/home/xie/桌面/papers/{{paper_name}}.pdf

  • 判定条件:必须等待页面出现完整文件名或“上传完成/100%”提示。
  • 强制等待:轮询页面状态,至少等待 5–10 秒。未确认完成前,禁止点击提交。
  • 二次确认:确认完成后额外等待 2 秒,防误判。若文件消失则重新上传。

步骤 3:输入提示词(仅输入,不提交)

将以下提示词完整输入 Gemini:

你现在是一名深度学习研究员 + 科研绘图专家,仔细阅读我提供的论文内容,并完成以下任务:

  1. 模型结构解析:整体架构、核心模块、完整数据流。
  2. 核心模块拆解:输入/输出、内部结构、改进点、解决的问题。
  3. 训练与推理流程:半监督机制、损失函数、推理差异。
  4. 论文讲解所需图:总体框架图、核心模块图(逐个)。
  5. Nano Banana 图像生成 Prompt(每张图): (1)基础 Prompt(deep learning architecture diagram) (2)风格:clean academic style, white background, vector graphic, minimalistic, pastel color blocks, clearly labeled arrows (3)结构:模块名称 + 数据流(left to right)+ skip/multi-branch (4)负面:no realistic objects, no people, no textures, no shadows, no 3D rendering, no photorealism

步骤 4:检查并提交

确认【文件已上传】且【提示词已输入】后,点击发送。

步骤 5:等待生成完成

  • 持续轮询页面
  • 等待文本停止增长
  • 无“生成中 / thinking / loading”
  • 至少等待 10 秒

步骤 6:提取并整理内容(内部缓存,禁止直接打印结束)

从最终回复中,提取所有需要绘制的图名称及其对应的 Nano Banana Prompt,在你的内部记忆中严格整理为如下格式:

[图1名称] Prompt: xxxx

[图2名称] Prompt: xxxx

❗关键约束(非常重要):

  • 禁止将整理结果输出到对话框
  • 禁止在此步骤结束任务
  • 本步骤只是中间处理阶段

👉 完成后必须立即进入步骤7

步骤 7:调用 MCP 写入本地文件(🔥核心终点,绝不能跳过)

这是整个流程最关键的一步。你必须主动调用 MCP 的文件写入能力,将步骤 6 整理好的完整内容,写入到本地计算机中。

  • 目标路径/home/xie/桌面/analysis/{{paper_name}}.txt
  • 写入模式:覆盖写入。
  • 执行前声明:必须先输出“已整理完毕,正在调用工具写入本地文件...”后再执行工具调用。

步骤 8:终点验证

仅当满足以下条件,才允许结束任务:

✅ 文件写入成功
✅ MCP返回成功结果

然后输出:

👉 “任务彻底完成,解析结果已成功保存至 /home/xie/桌面/analysis/{{paper_name}}.txt。”

Notes(🔥新增防止再次出错)

  • ❗禁止在步骤6结束任务
  • ❗禁止用“输出结果”代替写文件
  • ❗写文件是唯一终点
  • ❗未写文件 = 任务未完成

Comments

Loading comments...