Back to skill
Skillv2.3.0
ClawScan security
基金月报信息提取 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 9:26 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions align with its stated purpose (local PDF→Excel extraction and template filling); it requires local OCR and PDF tooling but does not request credentials or make network calls.
- Guidance
- This skill appears coherent and implements local PDF→Excel extraction. Before using it: (1) install Python deps in a virtualenv and install system packages (tesseract, poppler) as documented; (2) do not point the skill at system or sensitive folders—only provide folders containing the monthly reports you want processed; (3) run it in an isolated/test environment first to confirm OCR accuracy and template mapping (OCR can misread chart text); (4) verify generated Excel files for correctness; (5) note the skill may call local binaries (tesseract, pdftoppm) when OCR is used, but it makes no network calls and does not request credentials. Finally, the SKILL.md reference version differs slightly from registry metadata—this is benign but you may want to confirm you have the intended version.
Review Dimensions
- Purpose & Capability
- okName/description match the included scripts and reference docs: the Python scripts and references implement PDF text extraction, optional OCR, template learning, and Excel generation. Required tools (pdfplumber, openpyxl, pdf2image, pytesseract) are appropriate for the described functionality.
- Instruction Scope
- okSKILL.md and the references strictly describe reading user-provided PDFs/Excel and writing output Excel files. The code only touches files in user-specified paths or temporary directories; there are no instructions to read system credential files, user profiles, or other unrelated data. The batch-processing behavior (scan a user-specified folder) is documented and consistent with the skill purpose.
- Install Mechanism
- noteThis is instruction-only (no automated installer). The docs require several Python packages and system binaries (Tesseract, Poppler). Those are reasonable for OCR/PDF processing, but they are system-level dependencies and must be installed manually (not provided by the skill). Users should install them in a virtual environment and ensure the platform supports running tesseract/pdftoppm.
- Credentials
- okThe skill requests no environment variables, no credentials, and no config paths. All file I/O is limited to user-supplied folders and temporary dirs. There are no unrelated secrets or external service tokens requested.
- Persistence & Privilege
- okThe skill does not request permanent presence or elevated privileges (always=false). It writes output files to user-specified locations (or a documented default remote output path), and learning state is described as ephemeral/in-memory. No system-wide configuration changes are performed.