Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Universal Extractor

v1.0.0

Extract clean text from URLs, articles, documents, and files. Four extraction micro-services. Use when you need to pull content from web pages, PDFs, or any...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name and description (text extraction) align with the provided endpoints (clean-url, extract-article, extract-document, extract-file). However, the SKILL.md omits the host/URL root for the POST endpoints (it only gives paths like /x402s/clean-url) and also references a paid 'x402' protocol without declaring any credentials or wallet requirements. This is inconsistent with a self-contained extractor skill and suggests missing integration details.
! Instruction Scope
Instructions explicitly tell the agent to POST base64-encoded files and URLs to external endpoints, which would transmit arbitrary user content (including sensitive data). There is no guidance on which hostname to use, how to authenticate, or how to handle clearance/consent. The instructions grant the agent broad discretion to send user content to an unspecified external service.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes on-disk risk because nothing will be written or executed by an installer, which is appropriate for a simple API-invoking skill.
! Credentials
The SKILL.md claims 'No API keys needed' but indicates requests are paid in USDC via an 'x402' protocol on Base — this implies a wallet/transaction signing mechanism or external payment flow that is not declared. The skill requests sending content but declares no credentials; the absence of any declared credential or payment mechanism is disproportionate to the stated paid API behavior and is an unresolved inconsistency.
Persistence & Privilege
The skill does not request always-on presence and uses normal agent invocation rules. It does not declare changes to other skills or system-wide settings.
What to consider before installing
Do not send sensitive documents or secrets to this skill until the following are clarified: (1) what is the full API host/URL to which POST requests will be sent (domain, TLS expectations), (2) how are payments actually performed (does the agent need a wallet/private key or will billing be handled outside the agent?), (3) who operates the service and what is their privacy policy/retention rules, and (4) whether data is stored or logged by the service. If you still want to try it, test with non-sensitive sample files first, confirm expected costs, and prefer using a sandbox or throwaway account/wallet. If the publisher cannot supply API docs, host name, and a clear payment flow, do not install or use the skill for private data.

Like a lobster shell, security has layers — review code before you run it.
