会议议程生成助手
AdvisoryAudited by VirusTotal on Apr 3, 2026.
Overview
Type: OpenClaw Skill Name: meeting-agenda-tool Version: 1.0.0 The skill is a legitimate tool for generating meeting agendas in Word and PDF formats. The Python script `scripts/generate_agenda.py` uses standard libraries like `python-docx` and `docx2pdf` to create documents based on user-provided JSON data. While the script performs automated dependency installation via `pip` and executes system commands to invoke LibreOffice for PDF conversion, these actions are directly aligned with the stated purpose in `SKILL.md` and are implemented using safe practices (e.g., passing arguments as lists to `subprocess.run` to prevent shell injection). No evidence of data exfiltration, persistence, or malicious intent was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may fetch and execute third-party Python package code from the package ecosystem if dependencies are missing.
The script downloads and installs missing Python packages at runtime. This is related to the document-generation purpose, but the packages are not pinned or handled through a declared install spec.
subprocess.check_call([sys.executable, "-m", "pip", "install", "--quiet"] + missing)
Prefer pre-installing reviewed, pinned versions of the required packages in a controlled environment before running the skill.
PDF generation may open or run local document-conversion software on the user's machine.
The script can automate Microsoft Word or run LibreOffice to convert the generated .docx file to PDF. This is purpose-aligned, but it invokes local applications and subprocesses.
word = win32com.client.Dispatch("Word.Application") ... subprocess.run([soffice, "--headless", "--convert-to", "pdf", "--outdir", pdf_dir, docx_abs], capture_output=True, timeout=60)Run it in a normal user workspace, avoid sensitive output paths, and manually convert the Word file if automatic PDF conversion is not desired.