中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:20 hr ago Rescan
10 /100
paper-reader
Comprehensive PDF paper reader for academic research. Extracts text, figures, tables with multimodal analysis.
Documentation-only skill package with no implementation files. SKILL.md references non-existent scripts but contains no executable malicious code.
Skill Namepaper-reader
Duration32.9s
Enginepi
Safe to install
This skill package is incomplete - it only contains documentation without any actual implementation scripts. Verify that the skill scripts are properly bundled before deployment, or request the developer to provide the missing implementation files.

Findings 2 items

Severity Finding Location
Low
Missing Implementation Files Doc Mismatch
SKILL.md references scripts at '~/.openclaw/skills/paper-reader/read_paper.py' and describes CLI usage, but no implementation files exist in the package. hasScripts=false in pre-scan.
python3 ~/.openclaw/skills/paper-reader/read_paper.py paper.pdf --full
→ Verify that implementation scripts are properly bundled or clarify if scripts are installed separately at runtime.
 SKILL.md:1
Low
Missing allowed-tools Declaration privile_escalation
SKILL.md does not declare any allowed-tools permissions. Per the capability model, permissions should be explicitly declared.
No allowed-tools section found
→ Add an allowed-tools section declaring required permissions (e.g., Read for filesystem:READ if reading PDFs).
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No scripts exist to infer filesystem access
Shell NONE NONE No bash/python scripts found in package
Network NONE NONE No network access code present
Environment NONE NONE No environment access code present

File Tree

2 files · 3.2 KB · 116 lines
Markdown 1f · 115L JSON 1f · 1L
├─ 📋 _meta.json JSON 1L · 264 B
└─ 📝 SKILL.md Markdown 115L · 2.9 KB

Security Positives

✓ No malicious code present - package contains only documentation
✓ No sensitive file access attempted
✓ No network exfiltration or C2 communication
✓ No credential harvesting code
✓ No obfuscated or base64-encoded payloads