ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Eps

v2.1.0

Inspect EPS/PS/EPSF metadata and convert to PNG/JPG/SVG/PDF via API / 解析 EPS 元数据并通过 API 转换为 PNG/JPG/SVG/PDF

1· 112·0 current·0 all-time
byD@wangqianqianjun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (inspect EPS metadata and convert to PNG/JPG/SVG/PDF) match the SKILL.md content: all runtime instructions are curl calls to the described API endpoints for conversion and metadata. No extraneous dependencies, credentials, or binaries are requested.
Instruction Scope
Instructions are narrowly scoped to POSTing files to https://eps.futrixdev.com/api/convert and /api/info and performing a health check; they do not instruct reading unrelated files or environment variables. Note: the skill necessarily uploads user files to a third-party server — this is expected for the stated purpose but is a privacy/data-exfiltration risk if you upload sensitive content.
Install Mechanism
No install spec and no code files are included (instruction-only). This minimizes install-time risk — nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportionate for a simple API-based conversion service. However, it transmits user files to an external host (eps.futrixdev.com), so the primary risk is data exposure to that service rather than excessive credential access.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Normal agent invocation is allowed (disable-model-invocation is false), which is expected for user-invocable skills.
Assessment
This skill appears to be what it claims: it uploads EPS/PS/EPSF files to https://eps.futrixdev.com to inspect metadata or convert formats. Before installing or using it, consider: (1) Do not upload sensitive or confidential files — the conversion happens on a third-party server with no homepage or published privacy policy in the metadata provided. (2) Verify the service URL and TLS certificate and, if possible, review the service's privacy/data-retention policy. (3) Test with non-sensitive sample files first. (4) If you need offline or private processing, prefer a local tool (e.g., Ghostscript or other well-known converters) or a self-hosted service. (5) If you require stronger assurances, ask the publisher for source code, a privacy policy, or a reputable homepage/owner identity before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fhhszv2syhvdxszfe91j6ss849gny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments