ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Huo15 Openclaw Office Doc

v4.1.1

【青岛火一五信息科技有限公司】企业级 Word 文档生成技能,支持两种模式:规则模式(默认)和模板模式。触发词:写word,写文档、生成word、生成文档、创建文档、.docx、Word文档、写合同、写方案、写报告、写会议纪要、按模板生成、导出PDF、Word转PDF、生成PDF。

0· 74·0 current·0 all-time
byJob Zhao@zhaobod1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and runtime instructions are focused on generating .docx and converting to PDF (uses python-docx and a python script). However the uploaded package contains multiple unrelated skill modules and scripts (MIT 48h learning, multi-agent, searxng, knowledge-base, etc.). Bundling many different capabilities together is disproportionate to the single 'office doc' name and increases the attack surface (unexpected scripts that may be executed or installed when cloning the repo).
Instruction Scope
The SKILL.md instructs calling local scripts (create-word-doc.py, word-to-pdf.py) and to read template .docx files — that's within scope. It also instructs installing LibreOffice for PDF conversion. A pre-scan flagged unicode-control-chars in SKILL.md (possible prompt-injection attempt) which is suspicious: while the document's operational steps are narrow, the injection signal should be investigated and the SKILL.md reviewed for hidden/control characters before trusting it.
Install Mechanism
No install spec is provided (instruction-only skill), which is lower risk. README suggests cloning the whole repository or using a 'clawhub' installer; cloning the repo will place many scripts on disk (including ones unrelated to document generation). There are no third-party download URLs or archives in the skill metadata itself, but the repo references external domains (e.g., tools.huo15.com, clawhub.ai).
Credentials
The office-doc SKILL.md does not request environment variables or credentials (good). However the package contains other skills (MIT learning) that do require CLI tools and auth (NotebookLM) and write state into home (~/.mit-learn-notebook-id, ~/.openclaw/*). If you install the whole repository or follow README steps you may end up deploying components that need credentials or perform network auth, which is beyond the office-doc feature.
Persistence & Privilege
This skill does not set always:true and does not declare elevated privileges. Scripts in the repo create files under the user's home (e.g., ~/.openclaw/workspace, ~/.mit-learn-notebook-id) which is expected for local tooling but you should be aware they write local state. There is no direct evidence the skill attempts to modify other skills' configurations.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md content was flagged for unicode control characters that can be used for prompt or log injection. This is not expected for a straightforward documentation of behavior and should be inspected — these characters can hide or alter visible text.
What to consider before installing
What to consider before installing/using this skill: - The skill's functionality (generate .docx and convert to PDF) is coherent and uses local Python scripts (python-docx). That part is reasonable. - The uploaded bundle contains many unrelated skills and scripts (MIT learning, multi-agent, searxng, knowledge-base). If you clone or install the whole repository you will place many extra scripts on your machine that may request logins, write files under your home directory, or call external services. Only install the specific office-doc subfolder if you want to minimize exposure. - Pre-scan flagged unicode control characters in the SKILL.md (possible prompt-injection). Inspect SKILL.md for invisible/control characters and remove them before trusting automated processing. - Before running anything: - Review the create-word-doc.py and word-to-pdf.py sources to confirm they do only expected file reads/writes and no unexpected network exfiltration or execution. - Avoid running scripts as root. Run in a sandboxed environment (VM/container) if possible. - Be cautious about executing the MIT / NotebookLM scripts included in the repo — they can perform interactive logins and store credentials in your home directory. - The PDF conversion requires LibreOffice; installing system packages has its own risk and should be done from trusted package sources. If you want, I can: (A) scan create-word-doc.py and word-to-pdf.py for suspicious behavior (network calls, subprocess execs, reading arbitrary config files), or (B) produce a minimal checklist of lines/strings to look for when auditing the Python scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk976nxkeqbfzbz3d3tg6ghecyx84pxj3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments