ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paper Style Review

v1.0.0

结构化审校中文论文:从参考论文学习风格,统一结构图谱,执行格式/术语/逻辑/风格融合审查,并将结果回写为 Word 批注。

0· 63·0 current·0 all-time
by@urnotlhh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description and included scripts (document parsing, style profiling, format checking, and Word comment injection) are coherent with a paper-style-review tool. However, the registry metadata declares no required environment variables or credentials, while README/SKILL.md and the code refer to LLM configuration (e.g., PAPER_STYLE_REVIEW_LLM_API_KEY or OPENAI_API_KEY) and expect an OpenAI-compatible endpoint. Omitting these required credentials in the manifest is an incoherence that could mislead users about what the skill needs.
!
Instruction Scope
SKILL.md clearly limits scope (no embedded reference corpora, target-stage should only read style-profile.json, etc.). The scripts implement the advertised pipeline. Still, some runtime behaviors merit attention: helper code (annotation_anchor_infra.infer_target_path) will try to infer target docx paths by reading run-summary.json or by traversing parents to find a file named '论文修改版.docx' — this can cause the skill to read files outside the explicit output/input paths if placed in certain workspaces. The README also indicates the skill will read user-provided refs and target .docx files and call an LLM; those runtime reads/calls are expected, but the path-inference heuristics are not documented in SKILL.md and could access unexpected local files.
Install Mechanism
There is no install spec in the registry (instruction-only), but the skill bundle includes many runnable Python scripts. That means installation is a matter of running the included Python code and installing its Python dependencies (openai, python-docx, lxml, PyMuPDF, etc.) — no external binary downloads were observed in the provided files. This is a moderate risk: code will execute locally, but there are no opaque remote install steps in the package itself.
!
Credentials
Although the registry lists no required environment variables, the README and code reference LLM-related environment variables (PAPER_STYLE_REVIEW_LLM_API_BASE, PAPER_STYLE_REVIEW_LLM_API_KEY, PAPER_STYLE_REVIEW_LLM_MODEL and compatible OPENAI_* variables). Requesting an LLM API key is proportionate for functionality, but the manifest omission is inconsistent and could hide expected network access. Additionally, some config options mention external term validation (CNKI) and local terminology paths; those features are optional but increase the places where secrets/config might be needed. The code also inspects workspace paths (see infer_target_path), which has privacy implications for local credentials or documents present in the workspace.
Persistence & Privilege
The skill does not request 'always:true' and does not declare persistent elevated privileges. It is runnable on demand (user-invocable). There is no evidence in the provided files that it modifies other skills' configs or system-wide agent settings. Autonomous invocation is enabled (default) — normal for skills — but combined with the missing-declared-credentials issue this increases the importance of carefully scoping API keys used by the skill.
What to consider before installing
This package largely implements what it says (parsing .docx, deriving a style profile from user-supplied refs, running format/logic/style checks, and writing Word comments), but there are important mismatches and operational details to check before use: - The manifest lists no required env vars, but the README and code expect an LLM API key (examples: PAPER_STYLE_REVIEW_LLM_API_KEY or OPENAI_API_KEY and an API base). Expect the scripts to call an external LLM endpoint; do not run with your primary org key unless you are comfortable with that provider and network traffic. Consider creating a dedicated, rate-limited API key. - The code will read/write local .docx files you point it at. However, helper code contains heuristics (e.g., looking for run-summary.json or a file named '论文修改版.docx' in parent directories) that could read files outside the explicit inputs/outputs. Run the pipeline from a controlled working directory and inspect infer_target_path and related functions if you want to be certain which files will be accessed. - There is no remote installer, but you must install Python dependencies (openai, python-docx, lxml, PyMuPDF, etc.). Review requirements and run in a virtualenv or container. - Before installing or running: inspect llm_client.py to confirm which endpoints are called, and confirm no unexpected external endpoints beyond your chosen LLM provider. If you need stronger guarantees, sandbox execution (isolated VM/container) and use of a dedicated API key are recommended. - If the publisher updates the registry metadata to explicitly declare required env vars and documents the path-inference behavior, that would reduce ambiguity. If you can obtain such clarifications (or a signed manifest that includes the expected env vars), the assessment could be upgraded. In short: functionality matches purpose, but metadata/documentation mismatches and workspace path heuristics are reasons to treat this skill with caution and to run it in an isolated environment with dedicated API credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97da0h2thvgbajg39vaznb5rx83dwav

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments