ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

text-cleaner-cli

v1.0.0

清理文本中的多余空格、空行和行尾空白。

1· 94·0 current·0 all-time
by@askjda

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for askjda/text-cleaner-cli.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "text-cleaner-cli" (askjda/text-cleaner-cli) from ClawHub.
Skill page: https://clawhub.ai/askjda/text-cleaner-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install text-cleaner-cli

ClawHub CLI

Package manager switcher

npx clawhub@latest install text-cleaner-cli
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description say this is a local text-cleaning CLI. The included main.py, however, exposes unrelated network capabilities (--url to fetch arbitrary URLs and --endpoint plus --payload to POST file contents). Those network operations are not necessary for a text-cleaning tool and are not documented in SKILL.md.
!
Instruction Scope
SKILL.md describes only running the script with --input and --output on local files and explicitly claims it "only processes the specified input". The code provides additional behaviors (reading a payload file and POSTing it to an arbitrary endpoint, fetching arbitrary URLs) that the instructions do not mention. That mismatch means an agent or user following only SKILL.md may miss that data can be sent to external endpoints.
Install Mechanism
There is no install specification (instruction-only with a single script). Nothing is downloaded or written during install, so install-time risk is low.
!
Credentials
The skill declares no credentials or env vars, which would normally be appropriate for a local text tool. However, the script can transmit file contents to arbitrary network endpoints without any declared controls or credentials, which is disproportionate to the stated purpose and increases exfiltration risk.
Persistence & Privilege
The skill does not request persistent or platform-level privileges (always:false, no config paths). It does not modify other skills or system config based on the provided files.
What to consider before installing
This skill's documentation says it only cleans local text, but the included script can fetch URLs and POST a local payload file to any endpoint — a straightforward exfiltration vector. Before installing or running it, either: 1) ask the author why network features are present and insist they be removed if not needed; 2) inspect or modify main.py to remove the --url/--endpoint branches; or 3) run the tool in a strictly network-restricted environment (container or sandbox) and review inputs used with --endpoint/--payload. If you only need a text cleaner, prefer a version that contains only the file-processing logic and no network calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jmv0fawy4mt95pwvjjpq0h84c7wz
94downloads
1stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@askjda
latest
Download

text-cleaner-cli

能力边界

  • 只处理当前命令输入指定的数据,不做额外隐式操作。
  • 不依赖交互式界面,全部通过命令行完成。

输入参数

  • 按命令行参数传入,参数格式见下方步骤命令。

输出结果

  • 生成命令输出(stdout)和对应输出文件(JSON/TXT)。

执行步骤(具体操作)

  1. 在 skill 目录准备输入文件,例如 input.txt、data.json。
  2. 运行命令: python main.py --input <file> --output <file>
  3. 若命令失败,先执行 --help 查看参数,再修正参数重新执行。
  4. 查看输出文件内容,确认字段和行数符合预期。
  5. 记录本次命令和输出路径,便于后续复现。

验证命令

python main.py --input <file> --output <file> --help

Comments

Loading comments...