Fund Monthly Report Information Extraction (基金月报信息提取)

Pass. Audited by ClawScan on May 1, 2026.

Overview

This looks like a local PDF-to-Excel processing skill with no evidence of credential use or data exfiltration, but users should notice its folder access, manual dependency setup, and self-asserted safety claims.

Before installing, confirm you are comfortable giving the skill access to the specific PDF/Excel files or folder you choose. Install OCR and Python dependencies only from trusted sources, prefer explicit “start processing” confirmation, and manually verify the generated financial spreadsheets because OCR and template mapping can be imperfect.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could start processing earlier than the user expected, creating output spreadsheets from the files already received.

Why it was flagged

The documented fallback may begin processing uploaded files without a fresh explicit confirmation. It is aligned with the workflow, but users should know when file reading and output generation will start.

Skill content

Rule: if the user has not sent a new file for more than 30 seconds, automatically start processing

Recommendation

Use explicit confirmation before processing, and keep batch folders limited to the intended PDF and Excel files.

What this means

Installing dependencies from the wrong source or with broad system privileges could introduce unrelated risk.

Why it was flagged

The skill documentation requires external Python packages and system OCR/PDF utilities, despite the registry showing no install spec or required binaries. This is purpose-aligned but should be handled deliberately.

Skill content

pip install pdfplumber openpyxl pdf2image pytesseract Pillow ... sudo apt-get install tesseract-ocr tesseract-ocr-chi-sim poppler-utils

Recommendation

Install dependencies manually from official package sources, preferably in a virtual environment, and avoid granting unnecessary privileges beyond system package installation.

What this means

A user could over-trust the skill based on bundled self-review language rather than the actual code and instructions.

Why it was flagged

The artifact includes its own safety and trust assertions. These claims should be treated as documentation, not as independent approval.

Skill content

**SAFE TO INSTALL** ✅ ... **Trust level:** High - Author is known user (Yujing2013)

Recommendation

Rely on an independent review of the artifacts and verify the outputs, especially OCR-derived financial data.