Skill v1.0.0

ClawScan security

教案内容写入PPT备注 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 6:58 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions consistently implement a local-only tool that reads .docx/.pptx files from a hard-coded Windows directory and writes speaker notes; there are minor tooling and documentation mismatches but no indications of credential access or data exfiltration.
Guidance
This skill is internally coherent: it reads local .docx/.pptx files from a hard-coded Windows path, extracts text from docx, and writes notes back into PPTX files using python-pptx. Before installing or enabling it:
1) Verify and (if needed) correct the configured directory path(s) in the scripts so they point to the intended folder (there is a small mismatch between the paths in SKILL.md and the two scripts).
2) Run the scripts on a copy of your files first; they write new PPTX files and may overwrite or create files next to the originals.
3) Be aware that the scripts will pip-install python-pptx at runtime (they download from PyPI); if you need to avoid network installs, pre-install the dependencies.
4) Testing note: one script contains minor code/indentation oddities; review the files locally before running.
5) Because the skill can be invoked autonomously by an agent, only enable it if you trust it to access the specified local directory; otherwise restrict invocation to manual triggers.

Review Dimensions

Purpose & Capability
[note] The name/description (extract lecturer activities from lesson plans and write them to PPT notes) matches the provided Python scripts: both search a local course directory for 教案.docx and 课件.pptx and operate on those files. Notes: the SKILL.md path (G:\own\支教\...) and the two scripts' default paths differ slightly (one uses G:\own\备教\...), which is likely a typo and limits the skill to a specific Windows drive. The weekly scheduler described in SKILL.md is not implemented in the code (triggering is manual/CLI).
Instruction Scope
[note] SKILL.md instructs scanning a specific local directory and using python-pptx and zipfile to parse docx; the scripts do exactly that. They only access local filesystem paths (searching under the configured directory) and save output files alongside the originals (with fallback to Desktop). No network endpoints or external HTTP calls are used in the code. Minor scope issues: SKILL.md suggests automatic weekly runs, but scheduling is not implemented; the scripts will install python-pptx at runtime (network access to PyPI) and will operate on any matching files under the configured directory.
Install Mechanism
[note] There is no external install spec in the registry (instruction-only), but both scripts attempt to pip-install python-pptx at runtime using subprocess. That triggers network access to PyPI when run if the package is missing; this is expected for the stated dependency but worth noting because it downloads and installs code at runtime.
Credentials
[ok] The skill requests no environment variables or credentials. Its filesystem access is limited to a hard-coded (CLI-configurable) course directory and output files saved next to the original PPTs (or to Desktop on save failure). No secrets, cloud credentials, or unrelated config paths are requested.
Persistence & Privilege
[ok] The skill is not always-enabled and does not request persistent privileges. It does not modify other skills or global agent settings. Note: the agent will be able to invoke the skill autonomously by default (platform default), which means an agent with this skill could run the scripts and therefore access the local course directory when triggered.