Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Byted Data Deepresearch Structured2markdown
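v1.0.1
Dedicated to uploading Excel (.xlsx, .xls) and CSV (.csv) files to the DataAgent API and converting them into highly formatted Markdown documents. The tool has built-in structure-parsing logic that automatically identifies table headers and merged cells and optimizes line wrapping for long text. When the user needs to turn tabular data into a document report or display data in a Markdown environment...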
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description, SKILL.md, and the Python code all target uploading Excel/CSV files to a VolcEngine DataAgent endpoint and converting them to Markdown — that is coherent. However the registry metadata shown above claims no required env vars, while SKILL.md explicitly declares VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY as required; this mismatch between declared registry requirements and runtime instructions is inconsistent and surprising.
Instruction Scope
SKILL.md instructs the agent to search the user's home (~) to locate the bundled script, create a virtualenv under the skill directory, and require the VolcEngine credentials. It also forbids printing any intermediate steps or environment checks to the user (making the runtime opaque). The flow asks the user to provide AK/SK interactively, stores them in shell variables (VOLC_AK_INPUT/VOLC_SK_INPUT), and then passes them on the command line to the script; this exposes secrets to process arguments and shell history. The instructions also insist on using a specific $VENV_PY location found by scanning home, which requires filesystem access and writing a venv under the discovered location.
Install Mechanism
There is no formal install spec, but SKILL.md instructs creating a Python venv and running pip install 'volcengine-python-sdk>=4.0.43'. The included script imports requests and requests_toolbelt (MultipartEncoder) but those are not listed in the install step, creating an incomplete dependency/install instruction. Installation relies on pip from PyPI (traceable) and no arbitrary remote binary downloads are present, but the missing dependency listing and ad-hoc installation steps are sloppy and increase the chance of runtime surprises.
Credentials
Requesting VolcEngine AccessKey/SecretKey is proportionate to uploading files to a VolcEngine DataAgent API. However: (1) the registry metadata earlier claimed no required env vars while SKILL.md requires AK/SK — a metadata mismatch; (2) the recommended practice in SKILL.md (prompt user, store credentials in shell variables, and pass them as --ak/--sk on the command line) risks leaking credentials via process lists and shell history; (3) SKILL.md's instruction to "remember" the keys to avoid asking frequently is ambiguous and could encourage persistent storage of credentials in insecure ways.
Persistence & Privilege
always:false and user-invocable:true — no force-inclusion. The skill writes a venv under its own discovered skill directory (local persistence) which is normal for a script-based skill. It does not request elevated system privileges or declare modification of other skills. The lack of an explicit install spec means persistence is limited to the venv and any files the script writes when executed.
What to consider before installing
This skill appears to do what it claims (send spreadsheets to VolcEngine/DataAgent and return Markdown), but there are a few red flags you should consider before installing or running it:
- Metadata mismatch: the registry summary showed no required env vars but SKILL.md requires VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY. Verify which is authoritative.
- Credential handling: SKILL.md asks you to provide AK/SK interactively, store them in shell variables, and pass them on the command line. That can leak secrets to process listings and shell history. Prefer environment variables, ephemeral session tokens, or other safer methods; avoid typing long-lived secrets unless you accept the risk.
- Dependency/install gaps: the instructions ask you to pip install volcengine-python-sdk but the script also imports requests and requests_toolbelt; ensure you install all required packages and inspect what is being installed. Consider running pip install inside an isolated environment you control and review versions before running.
- Opacity: the skill forbids printing its self-checks and install steps to users. That makes it harder to audit what actually ran. If you proceed, run the self-check commands yourself (visible) and verify network calls (for example with a firewall or network monitor) before sending sensitive data.
- Source provenance: the skill claims a ByteDance copyright and uses VolcEngine endpoints, but source and homepage are unknown. If you will upload sensitive data, confirm the service and operator are acceptable.
What to do next: inspect the full script locally, run it in an isolated environment (not on sensitive data), verify network endpoints (data-agent.volcengineapi.com), add missing Python deps manually, and avoid passing long-lived AK/SK on the command line. If you are not comfortable providing VolcEngine credentials, do not install or run this skill.
Like a lobster shell, security has layers — review code before you run it.
