Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

enterprise-diagnosis-report

v1.0.0

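Consolidates three reports (basic company information, finance and tax diagnosis, and policy matching) into one comprehensive diagnostic analysis report; use when the user needs a consolidated enterprise diagnosis report, an integrated finance and tax analysis, or a comprehensive policy-matching analysis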

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description ("consolidate three enterprise reports and generate a comprehensive diagnosis") align with included artifacts: a PDF parsing script (uses PyMuPDF and requests), a detailed report template, and SKILL.md instructions that describe extracting and consolidating report contents. The declared dependencies are appropriate for PDF download/parse.
Instruction Scope
SKILL.md confines runtime actions to: download or read PDFs, extract text via scripts/pdf_parser.py, and organize/extract information according to references/report_template.md. It does not direct the agent to read unrelated system files, access environment secrets, or transmit extracted data to external endpoints beyond fetching PDFs.
Install Mechanism
No install spec is provided (instruction-only plus included script). No remote downloads or installers are executed by the skill itself. Dependencies are standard Python packages declared in SKILL.md (PyMuPDF, requests).
Credentials
The skill requests no environment variables, credentials, or config paths. The operations (downloading and parsing PDFs) do not require secrets by design.
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request persistent privileges, modify other skills, or alter system-wide agent settings.
Assessment
This skill appears to do what it claims: download or read PDFs, extract text, and help you produce a consolidated diagnosis. Before using it, consider: (1) Provide only PDFs you trust: the script will download arbitrary URLs, which could be used to request internal-only endpoints (SSRF risk) if you supply internal URLs. (2) The included parser extracts text but does not perform OCR on scanned images, so manually verify tables/numbers. (3) The agent or script will process potentially sensitive financial data; avoid submitting confidential reports unless you trust the execution environment. (4) If running locally or in a shared environment, review scripts/pdf_parser.py and install dependencies (PyMuPDF, requests) in an isolated environment (virtualenv/container). (5) No external data exfiltration endpoints are hard-coded in the skill, but always review any outputs before sharing externally.

Like a lobster shell, security has layers — review code before you run it.
