Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

read-gbk

v1.0.0

Read local text files with automatic GBK/UTF-8 encoding detection

by 张辰菁 @delicate314

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for delicate314/read-gbk.

Install the skill "read-gbk" (delicate314/read-gbk) from ClawHub.
Skill page: https://clawhub.ai/delicate314/read-gbk
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install read-gbk

ClawHub CLI

npx clawhub@latest install read-gbk

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description match the included JS wrapper and Python reader. Requiring a Python binary is reasonable because the implementation calls a Python script to perform encoding detection and .docx/.pdf handling.
Instruction Scope
SKILL.md tells the agent to run the provided node script which invokes the bundled Python script. The runtime instructions and code only read a user-specified local file and optionally install helper libraries; they do not attempt to read unrelated system files, export credentials, or post file contents to external endpoints.
Install Mechanism
There is no install spec, but the Python code will auto-install python-docx and pypdf via pip on first use (subprocess.run calling pip). This downloads packages from PyPI at runtime and does not pin versions. This is expected for .docx/.pdf support but increases runtime network activity and can modify the user's Python environment.
Credentials
The skill requests no credentials or config paths. The JS wrapper reads process.env (and USERNAME to compose common Python paths) only to locate Python; the Python script uses sys.executable for pip. No secret-bearing environment variables are required or accessed.
Persistence & Privilege
always:false and no cross-skill configuration changes. However, the skill may alter the host Python environment by installing packages (python-docx/pypdf) into the active interpreter/site-packages; this is a persistent side-effect outside the skill's own files.
Assessment
This skill appears to do what it says: read local files with GBK/UTF-8 detection. Before installing/using it, consider:

  1. The tool will attempt to run pip to install python-docx or pypdf from PyPI when reading .docx/.pdf — this requires network access and will modify your Python environment (use a virtualenv/conda env if you want to avoid global installs).
  2. Package installs are unpinned (no fixed versions), so behavior can change over time; review/approve network installs if policy requires.
  3. The skill reads arbitrary local file paths you provide — avoid pointing it at sensitive files unless you trust the environment.
  4. If you need stricter isolation, run the scripts in a sandbox or inspect/execute the Python script manually.

Overall the skill is internally consistent, but be mindful of the runtime pip installs and run in an isolated Python environment if that matters to you.

scripts/read-file.js:27
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📄 Clawdis
Bins: python
latest: vk974b3sqxsyqnm1mrw2p67rmhh834k77
211 downloads
0 stars
1 version
Updated 21h ago
v1.0.0
MIT-0

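read-gbk - File Reading Tool

Reads local text files and detects the encoding automatically (GBK first, falling back to UTF-8 if that fails).

Prerequisites

A Python environment is required (Python 3.8+).

If Python is not installed, install it first:

Option 1: Miniconda (recommended)

# Download and install: https://docs.conda.io/en/latest/miniconda.html

Option 2: Official Python installer

# Download: https://www.python.org/downloads/
# ⚠️ Check "Add Python to PATH" during installation

Option 3: Install with winget (Windows)

winget install Python.Python.3.11

Automatically installed dependencies

File type    Dependency     How it is installed
.docx        python-docx    Installed automatically on first read
.pdf         pypdf          Installed automatically on first read

These libraries do not need to be installed manually; they are installed automatically on first use.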

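Quick start

node {skillDir}/scripts/read-file.js "文件路径.txt"

Supported file formats

Format         Description
.txt           Plain text files (GBK/UTF-8 auto-detected)
.md            Markdown files
.csv           CSV files (GBK encoding is common in Excel exports)
.log           Log files
.docx          Word documents (python-docx is installed automatically)
.pdf           PDF documents (pypdf is installed automatically; text-based PDFs only)
.json          JSON files
.xml           XML files
.ini / .cfg    Configuration files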

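Encoding detection logic

  1. First try decoding as GBK (the default in Chinese-language Windows environments)
  2. If GBK decoding fails, try UTF-8
  3. If both fail, return an error message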
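
Added example (not code from the read-gbk skill): the three-step order above written out in Python, next to a UTF-8-first variant that goes beyond what this page describes. It shows that a strict GBK decode accepts some UTF-8 input and returns mojibake instead of falling through to step 2; the function names and sample bytes are constructed for illustration.

```python
# Constructed sample inputs (not taken from the skill's files).
UTF8_EVEN = "你好".encode("utf-8")   # 6 bytes: pairs up cleanly as GBK
UTF8_ODD = "你".encode("utf-8")      # 3 bytes: last byte has no GBK trail byte
GBK_TEXT = "你好".encode("gbk")
NOT_TEXT = b"\xff\xff\x00\x01"       # 0xFF is invalid in both encodings


def _try(data, encodings):
    """Return (encoding, text) for the first encoding that decodes strictly."""
    for enc in encodings:
        try:
            return enc, data.decode(enc)
        except UnicodeDecodeError:
            continue
    raise ValueError("data is neither valid GBK nor valid UTF-8")


def decode_gbk_first(data):
    """The order described on this page: GBK, then UTF-8, then error."""
    return _try(data, ("gbk", "utf-8"))


def decode_utf8_first(data):
    """Alternative order (assumption, not the skill's code): strict UTF-8,
    with an optional BOM stripped by utf-8-sig, and GBK only as fallback."""
    return _try(data, ("utf-8-sig", "gbk"))


def accepted_by(data):
    """List every candidate encoding that decodes without error, to flag
    inputs where the order of attempts changes the result."""
    ok = []
    for enc in ("gbk", "utf-8"):
        try:
            data.decode(enc)
            ok.append(enc)
        except UnicodeDecodeError:
            pass
    return ok


if __name__ == "__main__":
    samples = [("UTF8_EVEN", UTF8_EVEN), ("UTF8_ODD", UTF8_ODD), ("GBK_TEXT", GBK_TEXT)]
    for name, blob in samples:
        # UTF8_EVEN is the interesting row: GBK-first "succeeds" with wrong text.
        print(name, decode_gbk_first(blob), decode_utf8_first(blob), accepted_by(blob))
```

When accepted_by returns both encodings for non-ASCII input, the decoded text depends only on which encoding is tried first, so the result is worth checking before it is passed on.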

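Examples

# Read a plain text file
node {skillDir}/scripts/read-file.js "D:\文档\笔记.txt"

# Read a CSV file
node {skillDir}/scripts/read-file.js "D:\数据\报表.csv"

# Read a Word document
node {skillDir}/scripts/read-file.js "D:\华为项目\病历.docx"

Output

  • Success: prints the file contents (stdout)
  • Failure: prints an error message (stderr), exit code 1

Notes

  • Binary files (such as .exe, .zip, .jpg) are not supported
  • Very large files (>50MB) may be truncated
  • The first read of a .docx file installs python-docx automatically (about 2-5 seconds)
  • Avoid using it in a PowerShell pipeline (such as | Select-Object); print the output directly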
