ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

8917 DOCX Official

v0.1.1

将 Markdown 或其他已有内容转换为符合中国党政机关公文/正式文件格式的 `.docx` 文档;需要时也可输出 PDF。适用于:生成公文、报告、方案、通知、汇报、意见、纪要等正式文档,或用户要求把 Markdown/文本内容排版为公文格式 Word。触发词:公文格式、正式文件、官方格式、转成 docx、公文...

1· 98·0 current·0 all-time
by叶澄风@blicae8917
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (produce official-format .docx/.pdf) match the shipped files: SKILL.md, a formatting reference, and a conversion script. Declared required binaries (python3, gcc, soffice) are reasonable: python3 for the script, soffice for PDF conversion, gcc to compile a small local shim used only if AF_UNIX sockets are unavailable.
Instruction Scope
SKILL.md instructs the agent to prepare Markdown, optionally consult the bundled reference file, and run scripts/md2docx.py. The script's runtime behavior (parsing Markdown, producing .docx, optionally invoking LibreOffice to convert to PDF) stays within the stated scope and does not request unrelated files, credentials, or network endpoints.
Install Mechanism
This is instruction-only (no install spec). The included Python script dynamically writes C source to a temp dir and compiles a shared object with gcc for LD_PRELOAD if needed; compilation uses only local included source (no external downloads). Dynamic compilation is somewhat higher-risk than pure-Python scripts but is justified here to work around sandboxed LibreOffice environments.
Credentials
The skill does not request credentials or config paths. It reads/writes only local temporary files and the user-supplied input/output paths. It sets LD_PRELOAD in subprocess environment when needed (affects only the subprocess used to run soffice). No secrets are collected or transmitted.
Persistence & Privilege
always is false; the skill does not request persistent system-wide changes. It creates temporary files and a cached shim in the temp directory but does not modify other skills or global configuration.
Assessment
This skill appears coherent and implements its stated purpose. Before installing or running it, consider: (1) it will invoke LibreOffice (soffice) to produce PDFs—install LibreOffice if needed; (2) it may require the Python package python-docx in the environment (not auto-installed by the skill); (3) the script may compile a small C LD_PRELOAD shim (using gcc) to allow LibreOffice to run in sandboxed environments — compiling and LD_PRELOADing code is sensitive, so only run this if you trust the skill source or test in an isolated environment; (4) fonts referenced (方正*, 仿宋, 宋体, etc.) may not be available on all systems and could affect output appearance. If you are uncomfortable with local compilation or LD_PRELOAD, run the script in a VM/container or request a version that avoids the shim (or provide a system where AF_UNIX is allowed).

Like a lobster shell, security has layers — review code before you run it.

latestvk97d5jphj49gg205myg23hcqad839aew

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
Binspython3, gcc, soffice

Comments