Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

UniFuncs Reader

v0.0.4

Use the UniFuncs Reader API to read web pages and documents (PDF, Word, Excel, PPTX) by URL, with AI-powered content extraction. Use this skill when...

by UniFuncs @vinlic

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for vinlic/unifuncs-reader.

Install the skill "UniFuncs Reader" (vinlic/unifuncs-reader) from ClawHub.
Skill page: https://clawhub.ai/vinlic/unifuncs-reader
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install unifuncs-reader

ClawHub CLI

npx clawhub@latest install unifuncs-reader

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name, description, SKILL.md and read.py all consistently implement a client for the UniFuncs Web Reader API (posting a target URL and options to https://api.unifuncs.com/api/web-reader/read). That behavior is coherent with the stated purpose. However, the registry metadata lists no required environment variables or primary credential, while both SKILL.md and read.py require UNIFUNCS_API_KEY — this discrepancy is unexpected and should have been declared.
! Instruction Scope
Runtime instructions and the code direct the agent to transmit the target URL (and potentially content via the API) to a third-party endpoint (api.unifuncs.com). The CLI supports passing a Cookie header, which could forward session credentials for authenticated pages. The SKILL.md/code do not request or read unrelated local files, but they do instruct sending user-supplied page URLs and optional cookies to an external service — a privacy/data-exfiltration risk depending on content sensitivity.
Install Mechanism
No install spec or external downloads are declared; the skill is instruction/code-only and uses standard Python stdlib. There is no evidence of high-risk install behavior (no external archives, no URL-shortened downloads or nonstandard installers).
! Credentials
The code requires an API key via the UNIFUNCS_API_KEY environment variable and the SKILL.md explicitly instructs the user to set it, but the skill metadata lists no required env vars or primary credential. This omission is incoherent and could mislead users into installing without realizing they must supply an API key. Additionally, the ability to pass --set-cookie means sensitive cookie strings may be forwarded to the third-party API if used.
Persistence & Privilege
The skill does not request elevated or persistent privileges. always is false and there is no indication it modifies other skills or agent-wide settings. Autonomous invocation is allowed (the default) but that alone is not a problem; combined with the above omissions, users should be cautious about enabling autonomous calls that upload URLs/content to an external service.
What to consider before installing
This skill implements a straightforward UniFuncs web-reader client, but the package metadata failed to declare that it requires an API key (UNIFUNCS_API_KEY). Before installing, consider:

  1. The tool will send the target URL and extraction options (and optionally cookies) to api.unifuncs.com — do not use it for sensitive/private documents unless you trust the vendor and have reviewed their privacy/terms.
  2. The metadata should explicitly list UNIFUNCS_API_KEY as a required credential; ask the publisher to correct the registry entry.
  3. If you need to test, run read.py locally with a throwaway API key and inspect network traffic or logs first.
  4. Be cautious about enabling autonomous invocation for this skill in agents that may run on sensitive data, since it can forward page content to a third party.

Like a lobster shell, security has layers — review code before you run it.

latestvk9773gm3szq4995b0a2v44d5bh83vhjn
499 downloads
0 stars
3 versions
Updated 4h ago
v0.0.4
MIT-0

UniFuncs Reader Skill

Read web page URLs and document URLs (PDF, Word, Excel, and PPTX) with AI-powered extraction.

First-Time Setup

  1. Go to https://unifuncs.com/account to get your API key.
  2. Set the environment variable: export UNIFUNCS_API_KEY="sk-your-api-key"

When to Use

You have a web page or document URL and need to extract readable content from it.

Usage

python3 read.py "https://example.com"

Options

usage: read.py [-h] [--format {markdown,md,text,txt}] [--no-images]
               [--only-css-selectors ONLY_CSS_SELECTORS [ONLY_CSS_SELECTORS ...]]
               [--wait-for-css-selectors WAIT_FOR_CSS_SELECTORS [WAIT_FOR_CSS_SELECTORS ...]]
               [--exclude-css-selectors EXCLUDE_CSS_SELECTORS [EXCLUDE_CSS_SELECTORS ...]]
               [--link-summary] [--ignore-cache]
               [--set-cookie SET_COOKIE] [--max-words MAX_WORDS]
               [--read-timeout READ_TIMEOUT] [--topic TOPIC]
               [--preserve-source] [--extract-timeout EXTRACT_TIMEOUT]
               url

UniFuncs Web Reader API client

positional arguments:
  url                   Target URL to read.

options:
  -h, --help            show this help message and exit
  --format {markdown,md,text,txt}
                        Output format (default: md).
  --no-images           Exclude images from output.
  --only-css-selectors ONLY_CSS_SELECTORS [ONLY_CSS_SELECTORS ...]
                        Only include elements matching CSS selectors
                        (e.g. ".article_content").
  --wait-for-css-selectors WAIT_FOR_CSS_SELECTORS [WAIT_FOR_CSS_SELECTORS ...]
                        Wait until these CSS selectors appear before
                        parsing (e.g. "#main" ".content").
  --exclude-css-selectors EXCLUDE_CSS_SELECTORS [EXCLUDE_CSS_SELECTORS ...]
                        Exclude elements matching CSS selectors (e.g.
                        "#footer" ".copyright").
  --link-summary        Append all page links to the end of content.
  --ignore-cache        Ignore cache and fetch fresh content.
  --set-cookie SET_COOKIE
                        Set Cookie header value for pages requiring
                        authentication.
  --max-words MAX_WORDS
                        Maximum character count to read, range 0-1000000
                        (default: 1000000).
  --read-timeout READ_TIMEOUT
                        Read timeout in milliseconds (default: 180000).
  --topic TOPIC         Extract topic-focused content using an LLM.
  --preserve-source     Attach source references to each extracted
                        paragraph.
  --extract-timeout EXTRACT_TIMEOUT
                        Topic extraction timeout in milliseconds
                        (default: 180000).

Examples:
  read.py "https://mp.weixin.qq.com/s/wmoNh44A4ofkawPNVx_g6A" --format md
