Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tech Analyzer
v1.0.0
Deep analysis of technology researchers/innovators and their core technical advantages, with comparative analysis of similar teams domestically and internati...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's declared purpose (analyze researchers and produce a DOCX report) aligns with the included templates and the helper script. However, SKILL.md explicitly requires pandoc for DOCX conversion and references platform tools (kimi_fetch, kimi_search, web_fetch, read) while the skill metadata declares no required binaries or environment. The missing declaration for pandoc and explicit tool dependencies is an inconsistency the author should justify or fix.
Instruction Scope
Runtime instructions are specific about inputs (PDF/DOCX/URLs/text), extraction methods, and search queries. They instruct the agent to fetch external URLs and perform broad searches (domestic and international). This is expected for the skill's purpose, but it grants the agent broad discretion to access arbitrary web resources and aggregate content — the SKILL.md does not add limits or indicate privacy/consent handling for sensitive files.
Install Mechanism
There is no install spec (lowest-risk delivery). The included Python script is simple and transparent. The main concern is an unstated dependency: SKILL.md instructs use of pandoc (a binary) for DOCX generation but the skill metadata does not list pandoc as required nor provide an install step or fallback. That omission should be addressed.
Credentials
The skill requests no environment variables, credentials, or config paths. The scope of requested data is limited to user-provided documents/URLs and web search results, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modify other skills. It relies on on-demand invocation only (default behavior).
What to consider before installing
Before installing:
1) Confirm whether pandoc is available in the environment or ask the author to add a fallback (e.g., python-docx) or declare pandoc in required binaries/install steps.
2) Verify that the platform tools referenced (kimi_fetch, kimi_search, web_fetch, read) are available and permitted to be used by this skill — ask the author to list required platform tools explicitly.
3) Be aware the skill will fetch arbitrary URLs and ingest uploaded documents (CVs, papers). Don’t upload sensitive or proprietary material unless you trust the environment and know how fetched content is stored/retained.
4) If you need tighter control, request the SKILL.md be updated to: (a) declare all external tool/binary dependencies, (b) limit search domains or include opt-in for web searching, and (c) state data retention/where outputs are stored.
These clarifications would move this assessment toward benign.
Like a lobster shell, security has layers — review code before you run it.
