Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

officecli-docx

v1.0.2

Use this skill any time a .docx file is involved -- as input, output, or both. This includes: creating Word documents, reports, letters, memos, or proposals;...

by 瓦砾 @iceyliu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description (handle .docx files) matches the CLI commands and examples in the SKILL.md: the skill expects an 'officecli' command to inspect, create, and edit .docx files. However, the registry metadata lists no required binaries or install steps, while the SKILL.md mandates installing a third-party binary (officecli) before use — a mismatch between declared requirements and runtime instructions.
Instruction Scope
The runtime instructions include a 'BEFORE YOU START' block that executes curl/PowerShell to download and run an install script from raw.githubusercontent.com and uses the GitHub API to check releases. That means the agent is explicitly instructed to fetch and execute remote code. Aside from installation, the instructions operate only on the .docx files and local document paths; they do not instruct exfiltration of unrelated files or require extra env vars. The installation step is the primary scope risk.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md executes an installer fetched via curl from https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh (and a PowerShell equivalent). Download-and-execute from a raw GitHub URL is high-risk without checksum or signature verification. The install source is a commonly-used host (raw.githubusercontent.com), but running an unverified remote script is potentially dangerous and should be treated as such. Minor inconsistencies in repo name casing (OfficeCli vs OfficeCLI) suggest sloppy maintenance.
Credentials
The skill declares no required environment variables or credentials, and SKILL.md does not request secrets or unrelated env vars. That is proportionate to the described purpose. The remaining concern is that the installer script itself (not present in the skill bundle) could request or exfiltrate credentials — this cannot be assessed from the skill files alone.
Persistence & Privilege
always:false (good), but the agent is allowed to invoke the skill autonomously (platform default). Combined with the instruction to install a persistent third-party binary (officecli) by downloading and executing a remote script, this increases blast radius: an autonomously-invoked agent could install/run a binary with system-level effects. The skill does not modify other skill configurations, but installing new software is a lasting change to the environment.
Scan Findings in Context
[no_code_files_present] expected: The regex-based scanner found no code files because this is an instruction-only skill. The primary risk comes from the SKILL.md install commands, which the static scanner did not execute or fetch.
What to consider before installing
This skill's functionality (manipulating .docx files) looks coherent, but its SKILL.md tells the agent to curl a script from raw.githubusercontent.com and execute it to install a third‑party 'officecli' tool — without any checksum or signature verification and while the skill metadata declares no required binaries. Before installing or allowing autonomous use: (1) inspect the installer script at https://raw.githubusercontent.com/iOfficeAI/OfficeCli/main/install.sh yourself (do not run it) to verify what it does; (2) prefer installing officecli manually from a trusted, signed release (or request the skill author provide a verified install spec); (3) if you must run the automated install, run it in a sandboxed environment or VM; (4) ask the publisher for a homepage, release checksums/signatures, or an official package source (e.g., GitHub releases with checksums or a well-known package registry); and (5) avoid giving this skill broad autonomous execution privileges until you confirm the install script is safe. If you can't validate the installer, treat this skill as high-risk.

Like a lobster shell, security has layers — review code before you run it.
