ClawHub

Review Business Requirement Document Skill

v1.0.0

Review Business Requirements Documents in `.docx` format by reading the existing BRD, extracting paragraph-level context, drafting clarification questions fo...

1· 181·0 current·0 all-time
by@chipmunkrpa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (review BRD DOCX, add comments and tracked changes) align with the included Python script and SKILL.md. The script extracts paragraph text, builds a JSON review template, and materializes comments and tracked revisions into a new DOCX as described.
Instruction Scope
Runtime instructions are narrowly scoped to reading a source .docx, creating/consuming a paragraph-level review JSON, and writing a reviewed .docx alongside the source. The SKILL.md does not instruct reading unrelated files, sending data externally, or accessing environment secrets.
Install Mechanism
No install spec (instruction-only skill) which is low-risk. SKILL.md recommends pip installing lxml and python-docx — reasonable for DOCX workflows. The code actually manipulates DOCX XML via lxml and zipfile (python-docx is not required by the shown code), which is fine but brittle; there are no external downloads or package installs from untrusted URLs.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not reference any secrets or external credentials. Requested resources are proportional to the stated functionality.
Persistence & Privilege
Skill is not always-enabled and does not request persistent or elevated privileges. It writes output files beside the source document as expected and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims: extract paragraph units from a .docx, let you populate a JSON with comments/replacements, and produce a redlined .docx. It requests no credentials and makes no network calls. Before using it: (1) run the workflow on a copy of any important BRD (the script edits DOCX internals and can be brittle with complex layouts or media); (2) install lxml (and python-docx if you prefer) in an isolated environment; (3) manually inspect the produced .docx in Word to confirm comments and tracked changes are correct. Note: the script has some fragile handling of ZIP entries (it may not preserve every unmodified part of the original DOCX if run against complex documents), so test thoroughly and keep backups. If you want higher assurance, review the full script (scripts/brd_review_pipeline.py) before running it on sensitive documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk973009yjt52a7754sq3acb6h982t15f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments