by 安全扫描
OpenClaw
安全
high confidenceThe skill's requirements and instructions are coherent with a Chinese-language summarizer: it fetches webpages with curl, reads local files with python3 tooling, and summarizes with the loaded model; nothing in the bundle appears to try to do unrelated or hidden actions.
评估建议
This skill appears to do what it says, but keep these practical cautions in mind:
- The agent will fetch any URL you provide and read any local path you provide — do not ask it to summarize sensitive secrets, private keys, or internal-only documents you don't want processed by the model.
- The skill recommends optional tools (pdftotext, pypdf, pdfminer, python-docx). pdftotext and Python libraries may need to be installed manually; the registry only declared curl and python3 as required.
- If a ...详细分析 ▾
✓ 用途与能力
Name/description (summarize local files, webpages, WeChat articles) aligns with what the SKILL.md instructs: using curl to fetch URLs and python3-based tools to extract text from PDFs/Word. Declared required binaries (curl, python3) are appropriate for the stated purpose. The skill recommends additional extraction tools (pdftotext, pypdf, pdfminer, python-docx) as optional/fallbacks, which is reasonable for robust extraction.
ℹ 指令范围
Instructions explicitly tell the agent to fetch arbitrary URLs with curl and to read local file paths (cat, python scripts, pdftotext). This behavior is expected for a summarizer but means the agent will access any path/URL the user supplies. The SKILL.md does not reference any external endpoints beyond the user-supplied URLs and contains no hidden exfiltration instructions. Minor inconsistency: SKILL.md uses pdftotext and several Python libraries but those are not listed in the registry's required binaries/dependencies; the skill handles this by prompting the user to install them as needed.
✓ 安装机制
Instruction-only skill with no install spec and no code files — lowest install risk. The skill suggests installing third‑party tools if necessary, but it does not itself download or execute external archives.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. The skill only needs local command-line tools and Python libraries to extract text, which fits its purpose.
✓ 持久化与权限
always:false and no install hooks or requests to modify agent/system configuration. The skill does instruct runtime commands that read files and fetch URLs, but it does not request persistent privileges or make permanent changes.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/21
修复安全扫描问题:元数据格式改为单行JSON,声明python3依赖
● 可疑
安装命令 点击复制
官方npx clawhub@latest install china-summarizer
镜像加速npx clawhub@latest install china-summarizer --registry https://cn.clawhub-mirror.com
技能文档
支持本地文件和网页内容的智能总结。 使用 OpenClaw 当前加载的模型进行总结,无需任何额外配置。
内容提取技术细节 → references/extract.md
总结提示词模板 → references/prompts.md
触发时机
- "帮我总结这篇文章:[URL]"
- "这篇公众号讲了什么:[URL]"
- "总结一下这个文件:/path/to/file.pdf"
- "提炼这份文档的核心内容:/path/to/file.docx"
- 用户粘贴一段文字,要求提炼要点
Step 1:识别内容源
包含 http:// 或 https:// → 网页/公众号 → [网页流程]
路径包含 .pdf → 本地 PDF → [PDF流程]
路径包含 .docx → 本地 Word → [Word流程]
路径包含 .txt / .md → 本地文本 → [文本流程]
用户直接粘贴文字 → 直接进入 → [总结流程]
[网页/公众号流程]
Step W1:curl 抓取
curl -s "{URL}" \
-H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" \
-H "Accept: text/html,application/xhtml+xml;q=0.9,/;q=0.8" \
-H "Accept-Language: zh-CN,zh;q=0.9,en;q=0.8" \
-L --max-time 15
Step W2:提取正文
从 HTML 提取纯文本,处理规则:
去除: