Chinese Toolkit

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: chinese-toolkit
Version: 1.0.1

The skill is suspicious due to a significant supply chain risk identified in `install.sh`, which clones the project from `https://github.com/utopia013-droid/luxyoo.git` instead of the declared `https://github.com/openclaw/chinese-toolkit` (or `openclaw-cn/chinese-toolkit` as seen in other documentation). This inconsistency in the source repository is a critical vulnerability. Additionally, `openclaw_integration.py` exposes `_handle_ocr` and `_handle_convert` methods that likely wrap command-line tools (like `tesseract` and `opencc` mentioned in `SKILL.md` and `scripts/install_deps.sh`). Without the full implementation of these methods, there is a high risk of shell injection if input parameters are not properly sanitized, leading to a potential Remote Code Execution vulnerability.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If an agent follows these bundled release instructions outside a maintainer workflow, it could publish or update skills using the user's account.

Why it was flagged

A Chinese text-processing skill bundles instructions that encourage immediate execution of a publishing workflow. Publishing to ClawHub is a high-impact account action and is not needed for ordinary Chinese text/OCR/translation use.

Skill content
## 🚀 Execute now: complete the entire release in one step ... .\complete_release.ps1 ... npx clawhub publish . --version $version
Recommendation

Do not let the agent run the release or publishing guides unless you are intentionally maintaining this package. The publisher should remove these release guides from the distributed runtime skill or clearly mark them as maintainer-only.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse
What this means

Following these instructions could grant or use GitHub/ClawHub account authority for publishing, which goes beyond processing text or translation.

Why it was flagged

The bundled documentation asks for GitHub/ClawHub authentication and describes account privileges unrelated to the toolkit's stated Chinese-language processing purpose.

Skill content
npx clawhub login --token YOUR_GITHUB_TOKEN ... GitHub OAuth ... can read user information and email ... can publish skills to the marketplace
Recommendation

Only authenticate GitHub/ClawHub for this package if you are deliberately publishing it. End users installing the toolkit should not provide GitHub tokens or OAuth access for normal use.

Concern (Medium Confidence)
ASI08: Cascading Failures
What this means

If executed unintentionally, these commands could disrupt a GitHub repository or overwrite shared history.

Why it was flagged

The emergency troubleshooting section documents force-push commands. In the wrong context, these can overwrite repository history and propagate changes to shared projects.

Skill content
git push github master --force ... git push github v1.0.0 --force
Recommendation

Treat force-push instructions as maintainer-only and require explicit human confirmation before any repository-mutating command.

What this means

Text submitted for translation may be sent to third-party translation APIs.

Why it was flagged

The translation feature sends user-provided text to an external translation provider. This is expected for a translation skill, but it is a sensitive data flow users should notice.

Skill content
url = "https://fanyi-api.baidu.com/api/trans/vip/translate" ... 'q': text
Recommendation

Avoid translating confidential documents through external providers unless you are comfortable with that provider's data handling. Prefer local translation modes for sensitive content if available.

What this means

Users may need to provide third-party API keys for some features, and those keys should be protected.

Why it was flagged

The skill documents provider API credentials for translation/cloud services. These credentials are purpose-aligned, but the registry metadata declares no required environment variables or primary credential.

Skill content
export BAIDU_TRANSLATE_APP_ID="your_app_id" ... export TENCENT_CLOUD_SECRET_KEY="your_secret_key"
Recommendation

Store provider credentials securely, scope them to the minimum needed permissions, and do not share them with unrelated workflows.

What this means

Some processed results could persist temporarily in a cache or logs.

Why it was flagged

The skill configuration enables caching. Caching is reasonable for performance, but for translation/OCR/document workflows it may retain derived content unless users understand where and how it is stored.

Skill content
"cache": { "enabled": true, "ttl": 3600, "max_size": 1000, "cleanup_interval": 300 }
Recommendation

Review cache and logging settings before processing sensitive documents, and disable or clear caches when privacy matters.

What this means

Installing dependencies can add software to the user's machine and may require elevated privileges for system packages.

Why it was flagged

The skill asks users to install Python and system dependencies. This is expected for OCR/audio/text tooling, but it changes the local environment and should be user-approved.

Skill content
pip install -r requirements.txt ... sudo apt-get install tesseract-ocr tesseract-ocr-chi-sim ffmpeg ... brew install tesseract tesseract-lang ffmpeg
Recommendation

Run installation commands only after reviewing requirements and prefer a virtual environment for Python packages.