Skill v1.0.0

ClawScan security

DOCX TO HTML CONVERTER · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 5:53 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement a straightforward DOCX→HTML converter, but the package metadata and runtime requirements are inconsistent with the registry declarations (missing required binaries/install steps), so review and sandboxing are recommended before use.
Guidance
This skill's implementation (Python wrapper + Node/mammoth) is coherent with its stated purpose, but the registry metadata omits required binaries (Node.js and Python) — treat that as a packaging oversight. Before installing or running: (1) inspect package-lock.json for unfamiliar packages (already provided here; mammoth and common deps look normal); (2) run npm install in a sandbox or isolated environment, not on a production host; (3) ensure Node.js (v16+) and Python 3 are available; (4) if you will process sensitive documents, run the conversion in a secure/local environment since the code writes files to disk and npm packages will be downloaded; and (5) if you need a higher assurance, ask the publisher for corrected metadata and a signed release or a packaged install spec.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md match the stated purpose (using mammoth.js to convert .docx to HTML). However, the registry metadata declares no required binaries or env vars while the SKILL.md explicitly requires Python 3 and Node.js; that mismatch is unexpected and should be corrected.
Instruction Scope
ok: Runtime instructions are narrowly scoped to locating a .docx file, running the provided convert.py wrapper (which calls the included Node script), and verifying the HTML output. The instructions do not request or reference unrelated system files, credentials, or external endpoints.
Install Mechanism
note: There is no formal install spec in the registry; instead the SKILL.md instructs running 'npm install' in scripts/. That downloads packages from the public npm registry (package-lock.json is provided). This is a common pattern but increases risk compared with an explicit reviewed install spec; the lockfile points to known packages (mammoth and dependencies) and there are no download-from-arbitrary-URL steps.
Credentials
ok: The skill does not request environment variables or credentials, and the code does not access secrets or unrelated config paths. All file I/O is limited to the user-supplied input .docx and the specified output .html.
Persistence & Privilege
ok: The skill is not 'always' enabled and does not attempt to modify other skills or global agent settings. It runs on-demand and does not request elevated or persistent privileges.