Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chinese Harvard Paper Generator

v0.1.0

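Quickly rewrites Chinese-language requirements and typesets them as a Harvard-format paper (including abstract, keywords, table of contents, tiered headings, and reference list), then exports a .docx. Use when the user mentions "write a paper, Harvard format, academic polishing, generate a Word paper, Harvard references".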

by Lucas (@yikailucas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill name, description, SKILL.md, and included script all align: they transform user-provided material into a Harvard‑style Word document. However, the registry metadata claims 'Required binaries: none' while the included script explicitly requires pandoc (it aborts if pandoc is not installed). This is a minor inconsistency but expected for the described functionality.
Instruction Scope
SKILL.md stays within scope: it asks for title/purpose/length/materials, builds a Harvard structured markdown, and calls scripts/make_harvard_paper.sh to produce a .docx. The script reads the user-specified input file and writes a temp markdown and an output .docx. Reading a user-supplied file is expected for this task; note that if an agent is given a path to a sensitive local file, the script will read it — this is a general filesystem-access caveat, not a hidden behavior.
Install Mechanism
No install spec or remote downloads are present (instruction-only with a local script). The only external dependency is pandoc, which must be preinstalled; there is no installer that fetches arbitrary code or contacts remote hosts.
Credentials
The skill declares no environment variables, credentials, or config paths and the files do not attempt to read secrets or unrelated environment variables. This is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system settings. Autonomy (disable-model-invocation: false) is the platform default and not by itself concerning; it does not combine with other red flags here.
Assessment
This skill appears coherent and implements what it claims: it formats user-provided material into a Harvard‑style .docx using the included shell script. Before using it, note: (1) The script requires pandoc but the registry metadata does not list that — install pandoc locally before running. (2) You must provide a path to an input text/markdown file; the script will read whatever file path you pass, so avoid supplying paths to sensitive system files. (3) Review generated content for accuracy, citation correctness, and academic‑integrity concerns (the tool can produce plausible text but may need fact‑checking). (4) Inspect scripts/make_harvard_paper.sh yourself if you have doubts (it is short and readable). If you want to run this in an environment without pandoc or without direct filesystem access, consider having the skill accept raw text instead of a file path or run it locally where you control inputs and outputs.

Like a lobster shell, security has layers — review code before you run it.
