Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
漫剧
v1.0.0将《寻秦记》小说文本转换为带文字说明的漫画(web-toon)格式,每章生成指定数量的漫画格图片。
⭐ 0· 405·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, SKILL.md, README, requirements.txt and the included libtv_qunqin.py are consistent: the skill reads a local story file, configures panel count/font/output_dir, calls WebtoonCreator from the libtv package, and writes PNG output. No unrelated capabilities or credentials are requested.
Instruction Scope
Runtime instructions and the script only read JSON from stdin and the referenced local story_file, create the output directory, invoke WebtoonCreator, and print a JSON result. The SKILL.md does not ask the agent to read other system files, env vars, or contact external endpoints directly.
Install Mechanism
There is no install spec included (instruction-only), but requirements.txt pins libtv==0.3.2 (plus Pillow and tqdm). Installing from PyPI is moderately risky because packages can contain arbitrary code; the skill itself does not include a source for libtv, so verify that libtv is a trustworthy package before pip installing.
Credentials
The skill requests no environment variables, credentials, or config paths—appropriate for a local file-to-image converter.
Persistence & Privilege
The skill does not request always:true or any elevated/persistent platform privileges; it runs only when invoked and does not write or modify other skill configurations.
Assessment
This skill appears to do exactly what it says: read a local UTF-8 text file and produce PNG web‑toon pages using a WebtoonCreator class. The main risk is the external dependency 'libtv' (libtv==0.3.2) referenced in requirements.txt — PyPI packages can execute arbitrary code at install/runtime. Before installing or running this skill: 1) inspect the libtv package source (e.g., pip download + unpack or check its repository) to ensure it doesn't perform network exfiltration or other unexpected actions; 2) run the script in a sandboxed environment (container or VM) with no access to sensitive files/credentials; 3) prefer running it on sample data first and review output files; and 4) if you cannot audit libtv, avoid installing it on systems with sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk97fem0je4rkv20y7jsyzb212s83mcfz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.