paper-reader 安全扫描报告 — 低风险 | ClawSafe

10 /100

paper-reader

Comprehensive PDF paper reader for academic research. Extracts text, figures, tables with multimodal analysis.

Documentation-only skill package with no implementation files. SKILL.md references non-existent scripts but contains no executable malicious code.

技能名称paper-reader

分析耗时32.9s

引擎pi

✓

可以安装

This skill package is incomplete - it only contains documentation without any actual implementation scripts. Verify that the skill scripts are properly bundled before deployment, or request the developer to provide the missing implementation files.

安全发现 2 项

严重性	安全发现	位置
低危	Missing Implementation Files 文档欺骗 SKILL.md references scripts at '~/.openclaw/skills/paper-reader/read_paper.py' and describes CLI usage, but no implementation files exist in the package. hasScripts=false in pre-scan. `python3 ~/.openclaw/skills/paper-reader/read_paper.py paper.pdf --full` → Verify that implementation scripts are properly bundled or clarify if scripts are installed separately at runtime.	`SKILL.md:1`
低危	Missing allowed-tools Declaration privile_escalation SKILL.md does not declare any allowed-tools permissions. Per the capability model, permissions should be explicitly declared. `No allowed-tools section found` → Add an allowed-tools section declaring required permissions (e.g., Read for filesystem:READ if reading PDFs).	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`NONE`	—	No scripts exist to infer filesystem access
命令执行	`NONE`	`NONE`	—	No bash/python scripts found in package
网络访问	`NONE`	`NONE`	—	No network access code present
环境变量	`NONE`	`NONE`	—	No environment access code present

目录结构

2 文件 · 3.2 KB · 116 行

Markdown 1f · 115L JSON 1f · 1L

├─ 📋 _meta.json JSON 1L · 264 B

└─ 📝 SKILL.md Markdown 115L · 2.9 KB

安全亮点

✓ No malicious code present - package contains only documentation

✓ No sensitive file access attempted

✓ No network exfiltration or C2 communication

✓ No credential harvesting code

✓ No obfuscated or base64-encoded payloads