Official Layout Pro (Professional Official-Document Typesetting Skill Pack)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to be a purpose-aligned Word document formatter, with no evidence of network access, credential use, persistence, or exfiltration.

This skill looks safe for formatting Word documents, but review the included Python code before installation, use trusted DOCX inputs and templates, and keep output files in a controlled workspace to avoid accidental overwrites.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with a mistaken or attacker-chosen template name or path, the skill could load a DOCX template from, or overwrite a file in, any location the process can access, because nothing constrains template_name to the template directory or output_path to a working directory.

Why it was flagged

The tool reads a caller-provided input document, builds a template path by string-formatting template_name into a filename under TEMPLATE_DIR, and saves the result to a caller-provided output_path. This is expected for document formatting, but the code neither validates template_name (so a name containing path separators or ".." escapes TEMPLATE_DIR) nor checks that output_path resolves inside an allowed output directory.

Skill content
template_file = os.path.join(self.TEMPLATE_DIR, f"{template_name}.docx" if template_name else "default.docx") ... source_doc = Document(input_path) ... doc.save(output_path)
Recommendation

Use only trusted uploaded documents and template names, keep output_path inside a safe workspace or temporary directory, and consider adding path normalization and directory allowlisting: reject template names that are not plain identifiers, resolve both paths (following symlinks) before use, require each to remain under its intended directory, and refuse to overwrite existing output files unless explicitly asked to.
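As an added illustration of the path normalization and directory allowlisting recommended above, the helpers below show how the two unchecked operations in the scanned code (the template lookup and the save) can be confined. This is example code written for this review, not the skill's own main.py; the template directory, workspace, constructed file names and helper names are all assumptions, and it deliberately avoids python-docx so it runs without the skill installed.

```python
import os
import re
import tempfile

# Template names are limited to a conservative character set, so path
# separators, "..", NUL bytes and similar never reach os.path.join at all.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def _under(base, candidate):
    """True if candidate is base itself or lies inside base (both real paths)."""
    return os.path.commonpath([base, candidate]) == base


def resolve_template_path(template_name, template_dir):
    """Map a caller-supplied template_name to a .docx inside template_dir.

    The scanned skill builds f"{template_name}.docx" with no validation, so a
    name such as "../../etc/passwd" escapes TEMPLATE_DIR. Here the name must
    match _SAFE_NAME, and the joined path is resolved (symlinks included) and
    required to remain under the template directory.
    """
    name = template_name or "default"
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError(f"invalid template name: {template_name!r}")
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, f"{name}.docx"))
    if not _under(base, candidate):
        raise ValueError("template path escapes the template directory")
    return candidate


def resolve_output_path(output_path, workspace, overwrite=False):
    """Confine a caller-supplied output_path to the workspace directory.

    Relative paths are resolved against workspace; absolute paths are accepted
    only if they resolve to somewhere inside it. The result must be a .docx
    and, unless overwrite=True, must not already exist.
    """
    base = os.path.realpath(workspace)
    candidate = os.path.realpath(os.path.join(base, output_path))
    if not _under(base, candidate):
        raise ValueError("output path escapes the workspace")
    if not candidate.lower().endswith(".docx"):
        raise ValueError("output must be a .docx file")
    if os.path.exists(candidate) and not overwrite:
        raise FileExistsError(f"refusing to overwrite {candidate}")
    return candidate


def _raises(exc, fn, *args):
    """Return True if fn(*args) raises exc (used to record rejected inputs)."""
    try:
        fn(*args)
    except exc:
        return True
    return False


def run_checks():
    """Exercise both helpers against constructed temporary directories.

    Returns a mapping of check name -> bool; every value should be True.
    """
    root = tempfile.mkdtemp(prefix="layout-demo-")  # constructed sandbox
    template_dir = os.path.join(root, "templates")
    workspace = os.path.join(root, "work")
    os.makedirs(template_dir)
    os.makedirs(workspace)
    # Constructed pre-existing output file, to demonstrate the overwrite guard.
    open(os.path.join(workspace, "existing.docx"), "w").close()

    ws_real = os.path.realpath(workspace)
    return {
        "default_template": resolve_template_path(None, template_dir).endswith("default.docx"),
        "named_template": resolve_template_path("red_header", template_dir).endswith("red_header.docx"),
        "traversal_template_rejected": _raises(ValueError, resolve_template_path, "../../etc/passwd", template_dir),
        "relative_output_inside_workspace": resolve_output_path("out/report.docx", workspace).startswith(ws_real),
        "traversal_output_rejected": _raises(ValueError, resolve_output_path, "../../etc/cron.d/job.docx", workspace),
        "absolute_output_outside_rejected": _raises(ValueError, resolve_output_path, os.path.join(root, "elsewhere.docx"), workspace),
        "non_docx_output_rejected": _raises(ValueError, resolve_output_path, "script.py", workspace),
        "overwrite_rejected": _raises(FileExistsError, resolve_output_path, "existing.docx", workspace),
    }


if __name__ == "__main__":
    for check, ok in run_checks().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The important design choice is to validate the resolved path rather than the raw string: os.path.realpath follows symlinks and collapses "..", so a check on the final location holds even when the template directory itself contains a symlink pointing elsewhere, and the allowlist check happens before any file is opened or written.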

What this means

Users may not immediately realize that a Python formatter and dependency file are included, even though the code itself is visible and purpose-aligned.

Why it was flagged

The registry context describes the skill as instruction-only with no install spec, while the package includes executable Python code and config.yaml declares an entry_point. This is a packaging/metadata inconsistency, not evidence of malicious behavior.

Skill content
Version: 1.0.0 ... No install spec — this is an instruction-only skill ... Code file presence: 1 code file(s): main.py
Recommendation

Publish consistent registry metadata, install/capability declarations, and package version information so users can clearly understand what will run.