Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

issuu_downloader

v1.0.0

Download any public Issuu document as a high-quality PDF with automatic proxy detection and anti-blocking features for reliable access.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name, SKILL.md and code all align: the code fetches JPEG pages from Issuu and converts them to a PDF and implements proxy detection and retry logic. One minor incoherence: skill.yaml declares a structured output object (status, file_path, message) but the entrypoint run_skill returns just a file path (string). Also registry metadata/version (1.0.0) and skill.yaml (1.1.0) differ, which is likely a packaging oversight but not malicious.
Instruction Scope
SKILL.md instructs only to provide an Issuu URL (and optionally a proxy). The runtime instructions and code limit actions to probing local proxies on 127.0.0.1, testing a public host (https://www.google.com) to detect proxies, and fetching image pages from image.isu.pub. These network calls are coherent with auto-proxy detection and downloading pages. The skill writes files to a local downloads directory. No instructions to read unrelated user files or access environment secrets are present.
Install Mechanism
There is no explicit install spec, but a requirements.txt lists PyPI packages (requests, img2pdf, urllib3). That is a common installation approach but means dependencies will need to be installed in the agent environment (moderate-risk compared to instruction-only). No remote archives or obscure URLs are used.
Credentials
The skill requests no environment variables, no external credentials, and no config paths. The code does make outbound network requests (to google.com for proxy tests and image.isu.pub for images), which is proportional to its stated proxy-detection and download purpose.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or global agent settings. It writes outputs to a local 'downloads' directory only. It can be invoked autonomously by the agent (default), which is normal and expected for skills.
Assessment
This skill appears to do what it says, but check these before installing:
- Dependency install: it needs Python packages (requests, img2pdf, urllib3). Ensure the agent environment can install and run these safely (use a sandbox or virtualenv).
- Network activity: the skill will probe localhost proxy ports (127.0.0.1:7890, 1080, 1087) and make quick requests to https://www.google.com to detect proxies, then fetch images from image.isu.pub. If you want to avoid external network calls, do not run it.
- Output mismatch: skill.yaml declares a structured JSON output but the Python entrypoint returns only a file path string — callers/integrations may need adaptation.
- Files written: it creates a 'downloads' directory and writes the PDF there. Make sure you are comfortable with that location and have space.
- Legal/ToS: using tools to bypass geographic blocks or download copyrighted content may violate Issuu's terms or copyright law. Only use on public content you have rights to access.
- If uncertain, run the code in an isolated environment on a non-sensitive test URL first, and review/modify the code if you want different behavior (e.g., change proxy probing, output format, or output path).

Like a lobster shell, security has layers — review code before you run it.
