Skywork Document (skywork) - Use for ANY task producing a document output. Generates professional documents in docx, pdf, markdown, and html. Capabilities: (...
Security Analysis
high confidenceThis skill appears to do what it says — a document generator that uploads user files and sends requests to the Skywork API — but it will send full user content and uploaded files to a remote service, so avoid providing sensitive data unless you trust the provider.
Name/description align with required artifacts: python3 and a SKYWORK_API_KEY are expected for calling a remote Skywork Doc API. The included scripts implement parsing reference files and creating documents, which matches the stated purpose.
SKILL.md and the scripts explicitly instruct uploading user-provided files and sending the full, verbatim user request to the Skywork server. They also recommend saving gathered context to disk and passing it as reference files. This is coherent with a remote document-generation service but has privacy implications (explicitly stated in SKILL.md). There are no instructions to read unrelated system files or other environment variables.
No install spec is provided (instruction-only install), and the script files are plain Python. No external downloads, installers, or unusual install behavior are present in the bundle.
Only one credential is requested (SKYWORK_API_KEY), which is the expected primary credential for a cloud API. The SKILL.md and scripts consistently use that env var; no other secrets or unrelated env vars are requested.
always:false and user-invocable; the skill does not request permanent or elevated platform privileges and does not attempt to modify other skills or global agent settings. Guidance describes storing the API key in OpenClaw config, which is normal for credential configuration.
Guidance
This skill will upload any files you pass and send the full user prompt (verbatim) to https://api-tools.skywork.ai/theme-gateway using your SKYWORK_API_KEY. That is normal for a cloud document generator, but do not supply confidential or highly sensitive data unless you trust Skywork's security and privacy practices. Verify the API key is stored securely in your OpenClaw or environment config, and consider testing with non-sensitive documents first. If you need on-prem or offline processing, this skill is not suitable.
Latest Release
v1.0.9
- Description streamlined for clarity and conciseness; redundant details and extra examples removed. - Usage scenarios and trigger keyword lists condensed to focus on core functionality. - Prerequisite and workflow instructions updated for brevity, improving accessibility for all users. - No behavioral or API changes; documentation only.
More by @gxcun17
Published by @gxcun17 on ClawHub
