Cloud Driver Printing (云上驱动打印)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill mostly matches its cloud-printing purpose, but it sends documents to a cloud service, handles an undeclared optional bearer token, and includes a contradictory fallback note that could make an agent bypass the safer print pipeline.
Review this skill before installing. It is not clearly malicious, but use it only if you accept cloud upload of print files, can control any CDF_PRINT_API_KEY you provide, and will avoid the obsolete raw TCP 9100 fallback described in the reference notes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Files you print, and related printer/job metadata, may be sent to https://any.webprinter.cn for conversion and print-data generation.
The selected local file is uploaded to the cloud print provider before conversion/rendering, which is consistent with the stated cloud-driver printing purpose but means document contents leave the local machine.
response = _post_multipart_file("/openapi/mcpClient/uploadFileMCP", file_path=file_path)
Only use this skill for documents you are comfortable sending to that cloud service, and verify the provider’s privacy/security expectations before printing sensitive files.
If you set CDF_PRINT_API_KEY, the skill may send that token with cloud API requests and related downloads, so the credential scope is not fully clear from the registry.
The code can attach a bearer token from the environment even though the registry metadata declares no required/env credential. Common headers are also reused by the downloader, creating a broader credential boundary than the metadata describes.
API_KEY_ENV = "CDF_PRINT_API_KEY" ... headers["Authorization"] = f"Bearer {api_key}"
Declare CDF_PRINT_API_KEY in metadata, document exactly where it is sent, restrict it to the print provider, and avoid attaching Authorization headers to arbitrary returned file URLs unless the host is validated.
An agent or user following the older fallback note could bypass the intended cloud rendering pipeline and send incompatible raw data to a printer, potentially causing failed jobs or printer instability.
A referenced diagnostic document recommends raw PDF sending to TCP 9100 as a fallback, which conflicts with SKILL.md’s hard constraint forbidding raw-file printing and with other notes that this can disrupt printers.
Fallback: send the raw PDF to the printer over TCP 9100. ... s.sendall(open('/tmp/file.pdf', 'rb').read())
Remove or clearly mark the raw TCP 9100 fallback as obsolete/unsafe, and require explicit user confirmation before any direct raw socket printing is attempted.
Printer names, IP addresses, models, drivers, and notes may remain on disk after use.
The skill stores discovered printer records persistently in Markdown files under its own directory, which is useful for repeated printing but creates retained local context.
REGISTRY_DIR = Path(__file__).resolve().parent / "printers" ... target.write_text(record.to_markdown(), encoding="utf-8")
Review or delete the generated printers directory if you do not want printer information retained between sessions.
Printing non-PDF files may launch LibreOffice locally and process the selected document on your machine.
The skill may run the local LibreOffice binary to convert documents when cloud conversion fails. This is disclosed and purpose-aligned, but it is an undeclared local executable dependency.
subprocess.run(["libreoffice", "--headless", "--convert-to", "pdf", str(file_path.resolve()), "--outdir", str(outdir)], ...)
Install LibreOffice only from a trusted source, keep it updated, and document it as an optional dependency for the fallback path.
