Docx Cn 1.0.1

This skill appears to actually implement .docx/.pptx/.xlsx unpacking, editing, validation, and packing — that part is coherent. Before installing or running it, consider: - Required tools: The skill expects LibreOffice (soffice), pandoc, pdftoppm, the docx npm package (docx-js), and gcc — but the skill metadata declares no required binaries. Ensure you only run it on machines where you trust those tools and understand they will be invoked. - Runtime compilation & LD_PRELOAD: The soffice helper writes a small C source file to the temp directory, compiles a shared object with gcc, and uses LD_PRELOAD for a socket shim. Compiling and preloading native code at runtime raises risk (can execute native operations and affect process behavior). If you don't want that, avoid using the functions that trigger the shim or run in an environment where AF_UNIX works so the shim isn't needed. - LibreOffice macro: The skill writes a StarBasic macro into a LibreOffice profile under /tmp to accept tracked changes and then calls soffice to run it. Macros can execute actions within LibreOffice; inspect the macro (it's visible in the repository) and run in an isolated environment if you have sensitive files. - Run in a sandbox: Test the skill on non-sensitive documents in an isolated environment (VM or container) first. Check that the temp files (/tmp/libreoffice_docx_profile and the compiled lo_socket_shim.so) are acceptable for your security posture and are removed if desired. - Verify provenance: The LICENSE states Anthropic but the source/homepage are unknown and owner metadata doesn't match that license header; consider whether you trust this package origin before use. If you need to proceed: review the soffice shim source and the macro content, confirm which external binaries will be invoked, and prefer running these scripts in a disposable environment (or adapt them to avoid runtime compilation and macro writes).