← 返回 Skills 市场
80
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install textin-xparse-parser-safe
功能描述
Parse documents into clean markdown or structured JSON via the xparse-cli. Use this skill when the user provides a PDF, image, Office file, HTML, OFD, or oth...
安全使用建议
This skill appears to be a legitimate document-parsing helper that expects the third‑party xparse-cli tool, but there are two things to check before installing: (1) the registry metadata omits the declared dependency and config path (xparse-cli and ~/.xparse-cli/config.yaml), so verify you are comfortable with that mismatch; (2) the SKILL.md includes piped-install commands that fetch and execute a script from https://dllf.intsig.net — avoid running curl|sh or PowerShell iex unless you trust the vendor. Safer steps: manually review the installer script before running it, prefer installing from an official package manager or a signed release (GitHub release or vendor-provided binary), and only provide APP_ID/SECRET_CODE to the CLI if you trust the service. If you want higher assurance, ask the publisher for a canonical installation source or an install package (e.g., GitHub release) and confirm the domain dllf.intsig.net belongs to the vendor.
功能分析
Type: OpenClaw Skill
Name: textin-xparse-parser-safe
Version: 0.1.1
The skill bundle contains instructions in SKILL.md that steer the AI agent to prioritize the 'xparse-cli' tool over standard libraries and includes a high-risk installation method using 'curl | bash' (and PowerShell 'iex') for a remote script hosted at dllf.intsig.net. While the documentation includes a directive for the agent to warn the user and offer script inspection, the execution of unverified remote code and the aggressive steering of agent behavior are significant security risks. No evidence of explicit malicious intent or data exfiltration was identified.
能力评估
Purpose & Capability
The SKILL.md clearly depends on the xparse-cli binary and optionally on TextIn (XPARSE_APP_ID/XPARSE_SECRET_CODE) for paid features. However, registry metadata lists no required binaries, env vars, or config paths — an inconsistency that could mislead reviewers or automated gate checks.
Instruction Scope
Runtime instructions are narrowly scoped to calling xparse-cli parse, inspecting output, handling encrypted PDFs, and asking the user when credentials or passwords are required. The instructions do reference a user config file (~/.xparse-cli/config.yaml) and environment variables for credentials, which are reasonable for this tool, but those config paths/envs are not declared in the registry metadata.
Install Mechanism
There is no packaged install spec in the registry, but SKILL.md provides vendor installer commands that execute remote scripts: `source <(curl -fsSL https://dllf.intsig.net/...)` and `irm https://dllf.intsig.net/... | iex`. Running remote scripts via shell/PowerShell is high risk because it executes fetched code directly; the host is a vendor domain (dllf.intsig.net) rather than a well-known release host like GitHub Releases. The skill does suggest asking the user to inspect the script first, but inclusion of these commands in instructions is a significant install-risk indicator.
Credentials
The skill uses only service-specific credentials (XPARSE_APP_ID, XPARSE_SECRET_CODE) for paid features and the CLI stores creds in ~/.xparse-cli/config.yaml. Those credentials are proportional to the documented paid API capabilities. However, the registry metadata did not declare these optional env vars or config path, creating an apparent omission.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges and is user-invocable only. It does describe the CLI storing credentials in its own config file (~/.xparse-cli/config.yaml), which is expected behavior for a CLI tool; the skill itself does not ask to modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install textin-xparse-parser-safe - 安装完成后,直接呼叫该 Skill 的名称或使用
/textin-xparse-parser-safe触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Remove broken setup.sh references and clarify remote installer approval guidance
元数据
常见问题
TextIn xParse Document Parse (Safer Fork) 是什么?
Parse documents into clean markdown or structured JSON via the xparse-cli. Use this skill when the user provides a PDF, image, Office file, HTML, OFD, or oth... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。
如何安装 TextIn xParse Document Parse (Safer Fork)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install textin-xparse-parser-safe」即可一键安装,无需额外配置。
TextIn xParse Document Parse (Safer Fork) 是免费的吗?
是的,TextIn xParse Document Parse (Safer Fork) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
TextIn xParse Document Parse (Safer Fork) 支持哪些平台?
TextIn xParse Document Parse (Safer Fork) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TextIn xParse Document Parse (Safer Fork)?
由 JerryZhao(@zhaorui921)开发并维护,当前版本 v0.1.1。
推荐 Skills