by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's description matches its purpose (convert manuals into solution proposals and images), but there are packaging and instruction mismatches (missing helper module, no PDF/DOCX-to-Markdown conversion code) that make its behavior unclear and warrant caution before installing.
评估建议
This skill appears to implement the advertised document-to-solution conversion and image generation, but the package has packaging/instruction gaps that can break or mislead usage:
- Missing conversion path: SKILL.md claims to accept DOCX/PDF/Markdown, but the included build_docx.py only accepts Markdown. If you plan to feed DOCX/PDF, you must convert them to Markdown yourself or confirm the agent provides a converter.
- Missing helper module: build_docx.py imports a docx_style module from ../_...详细分析 ▾
ℹ 用途与能力
Name/description align with the included scripts (diagram generation and DOCX assembly). However, SKILL.md states the skill can read DOCX/PDF/Markdown uploaded by users, while the provided build_docx.py only accepts a Markdown input and there is no code to convert DOCX/PDF→Markdown. Also build_docx.py imports a docx_style module from a ../_shared path that is not present in the package—this missing dependency is disproportionate to the stated purpose and will break execution unless provided.
⚠ 指令范围
Runtime instructions ask the agent to 'read user uploaded' documents (DOCX/PDF/Markdown). The repository supplies a Markdown parser and diagram generator but no code to parse PDF/DOCX or to sanitize/inspect user data. The scripts write image files and a .docx to local disk (expected), and generate fonts via fc-list (runs a subprocess). There are no instructions or safeguards for handling sensitive content in uploaded manuals.
✓ 安装机制
No install specification is declared (instruction-only skill). The SKILL.md recommends pip installing matplotlib and python-docx at first run. There are no external downloads, URLs, or archive extraction in the package. The suggested pip commands use --break-system-packages which may be problematic in some environments but are not inherently malicious.
✓ 凭证需求
The skill requests no environment variables or credentials. It runs only local operations (file reads/writes, matplotlib drawing, python-docx usage, and a subprocess call to fc-list to detect system fonts). This level of access is proportionate to the stated capability, though the subprocess usage should be noted.
✓ 持久化与权限
The skill is not always-included and does not request elevated privileges. It writes generated images and a .docx file to disk (expected for its purpose). There is no evidence it modifies other skills or agent-wide configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/17
manual-to-solution v1.0.0 - Initial release of the skill for converting software/system operation manuals into professional solution proposal documents. - Provides full workflow: manual parsing, gap analysis, solution design, value mapping, diagram generation, and final DOCX assembly. - Supports extraction of system features, user roles, business flows, and technical characteristics from uploaded manuals. - Outputs: editable Markdown, formal DOCX files with standard diagrams, and individual PNG image files for documentation. - Includes customizable industry focus and compliance mapping, diagram generation with matplotlib, and DOCX styling options.
● Pending
安装命令
点击复制官方npx clawhub@latest install manual-to-solution
镜像加速npx clawhub@latest install manual-to-solution --registry https://cn.longxiaskill.com镜像同步中