← Back to Skills Marketplace
80
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install textin-xparse-parser-safe
Description
Parse documents into clean markdown or structured JSON via the xparse-cli. Use this skill when the user provides a PDF, image, Office file, HTML, OFD, or oth...
Usage Guidance
This skill appears to be a legitimate document-parsing helper that expects the third‑party xparse-cli tool, but there are two things to check before installing: (1) the registry metadata omits the declared dependency and config path (xparse-cli and ~/.xparse-cli/config.yaml), so verify you are comfortable with that mismatch; (2) the SKILL.md includes piped-install commands that fetch and execute a script from https://dllf.intsig.net — avoid running curl|sh or PowerShell iex unless you trust the vendor. Safer steps: manually review the installer script before running it, prefer installing from an official package manager or a signed release (GitHub release or vendor-provided binary), and only provide APP_ID/SECRET_CODE to the CLI if you trust the service. If you want higher assurance, ask the publisher for a canonical installation source or an install package (e.g., GitHub release) and confirm the domain dllf.intsig.net belongs to the vendor.
Capability Analysis
Type: OpenClaw Skill
Name: textin-xparse-parser-safe
Version: 0.1.1
The skill bundle contains instructions in SKILL.md that steer the AI agent to prioritize the 'xparse-cli' tool over standard libraries and includes a high-risk installation method using 'curl | bash' (and PowerShell 'iex') for a remote script hosted at dllf.intsig.net. While the documentation includes a directive for the agent to warn the user and offer script inspection, the execution of unverified remote code and the aggressive steering of agent behavior are significant security risks. No evidence of explicit malicious intent or data exfiltration was identified.
Capability Assessment
Purpose & Capability
The SKILL.md clearly depends on the xparse-cli binary and optionally on TextIn (XPARSE_APP_ID/XPARSE_SECRET_CODE) for paid features. However, registry metadata lists no required binaries, env vars, or config paths — an inconsistency that could mislead reviewers or automated gate checks.
Instruction Scope
Runtime instructions are narrowly scoped to calling xparse-cli parse, inspecting output, handling encrypted PDFs, and asking the user when credentials or passwords are required. The instructions do reference a user config file (~/.xparse-cli/config.yaml) and environment variables for credentials, which are reasonable for this tool, but those config paths/envs are not declared in the registry metadata.
Install Mechanism
There is no packaged install spec in the registry, but SKILL.md provides vendor installer commands that execute remote scripts: `source <(curl -fsSL https://dllf.intsig.net/...)` and `irm https://dllf.intsig.net/... | iex`. Running remote scripts via shell/PowerShell is high risk because it executes fetched code directly; the host is a vendor domain (dllf.intsig.net) rather than a well-known release host like GitHub Releases. The skill does suggest asking the user to inspect the script first, but inclusion of these commands in instructions is a significant install-risk indicator.
Credentials
The skill uses only service-specific credentials (XPARSE_APP_ID, XPARSE_SECRET_CODE) for paid features and the CLI stores creds in ~/.xparse-cli/config.yaml. Those credentials are proportional to the documented paid API capabilities. However, the registry metadata did not declare these optional env vars or config path, creating an apparent omission.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges and is user-invocable only. It does describe the CLI storing credentials in its own config file (~/.xparse-cli/config.yaml), which is expected behavior for a CLI tool; the skill itself does not ask to modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install textin-xparse-parser-safe - After installation, invoke the skill by name or use
/textin-xparse-parser-safe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Remove broken setup.sh references and clarify remote installer approval guidance
Metadata
Frequently Asked Questions
What is TextIn xParse Document Parse (Safer Fork)?
Parse documents into clean markdown or structured JSON via the xparse-cli. Use this skill when the user provides a PDF, image, Office file, HTML, OFD, or oth... It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.
How do I install TextIn xParse Document Parse (Safer Fork)?
Run "/install textin-xparse-parser-safe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TextIn xParse Document Parse (Safer Fork) free?
Yes, TextIn xParse Document Parse (Safer Fork) is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TextIn xParse Document Parse (Safer Fork) support?
TextIn xParse Document Parse (Safer Fork) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TextIn xParse Document Parse (Safer Fork)?
It is built and maintained by JerryZhao (@zhaorui921); the current version is v0.1.1.
More Skills