Back to skill
Skillv1.0.0
VirusTotal security
paper-reader (XuRuitian version) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 3:26 AM
- Hash
- d0cdaabff485d6f25d8aeb77d74b74553a1549f7b5b41412a095befc44dbc8bf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: paper-reader-xuruitian Version: 1.0.0 The skill is designed to analyze academic papers and generate Word reports on the user's desktop. It is classified as suspicious because `scripts/extract_text.py` uses `subprocess.run` to execute system binaries (`textutil` on macOS and `antiword` on Windows) using user-provided file paths, which poses a potential command injection risk if filenames are crafted maliciously. Additionally, `scripts/generate_report.js` performs high-privilege file system writes to the user's Desktop directory. While these behaviors align with the stated functionality, the combination of external process execution and direct file system modification constitutes a significant attack surface.
- External report
- View on VirusTotal