Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
c刊期刊分析
v1.0.0C刊(CSSCI来源期刊)论文全面分析工具。当用户提供一个具体的C刊期刊名称(如"管理世界"、 "社会学研究"、"经济研究"等)时,自动通过知网(CNKI)查询该期刊最近5年所有期次的文章 目录、作者和摘要信息,并生成专业的Word分析报告。报告包含:选题热点趋势、高频关键词、 研究方法偏好、核心作者群、栏目主题...
⭐ 0· 346·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (CNKI/CSSCI journal analysis) matches the included pieces: a journal_codes reference, a browser-driven scraping workflow in SKILL.md, and a local Python analysis/report script. There are no unrelated environment variables, binaries, or cloud credentials requested.
Instruction Scope
SKILL.md explicitly instructs the agent to navigate CNKI pages, extract article lists, and (sample) abstracts, then run a local analysis script and save a Word report. This is within the stated purpose. Note: it relies on automated browsing and scraping and instructs the user to solve CAPTCHAs manually; it also suggests using WebSearch fallbacks. The scraping activity is expected for the purpose but has operational/ToS implications (see guidance).
Install Mechanism
No install spec (instruction-only with an included script). Dependencies are standard Python packages (jieba, wordcloud, python-docx, matplotlib, numpy) and are only suggested via pip. No downloads from untrusted URLs or archive extraction are present in the manifest.
Credentials
The skill requires no environment variables, credentials, or config paths. The Python script operates on local JSON input and writes outputs to an output directory (default ~/Downloads). There are no hidden credential accesses observed.
Persistence & Privilege
Flags indicate normal behavior (always:false, autonomous invocation allowed). The skill does not request persistent/always-on inclusion and does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it scrapes CNKI pages, builds a JSON dataset, runs a local Python analysis, and writes a Word report. Before installing or running it, consider: 1) Legal/ToS: scraping CNKI may violate their terms of service or access controls—ensure you have the right to scrape and respect copyright. 2) Access: CNKI may require institutional login or additional verification; the skill does not include credential handling and asks you to solve CAPTCHAs manually—do not paste credentials into chat. 3) Dependencies: you'll need to run pip3 install for several Python packages; review these packages and install them in a controlled environment (virtualenv). 4) Privacy: the skill will visit and extract content from CNKI and may use WebSearch fallbacks; review whether exposing article titles/abstracts to your agent is acceptable. 5) Code audit: the provided Python script appears benign and local, but part of it was truncated in the manifest—if you rely on this skill, inspect the full script to confirm no unexpected network calls or writing to unexpected locations. If you need a stricter risk posture, run the script in an isolated environment and avoid providing any login credentials through the agent.Like a lobster shell, security has layers — review code before you run it.
latestvk976392xr50wvhcm49qg1f94cx82qhnc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.