Minimax Docx
v1.0.0Enterprise-grade Word document generation. Creates validated .docx files with professional formatting, visual hierarchy, and cross-application compatibility.
⭐ 0· 2.3k·67 current·70 all-time
byKris@krisliu16
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the included assets: a Python CLI (docx_engine.py), a C# OpenXML codebase (src/*.cs), rendering helpers, and validation detectors. The workflows and commands in SKILL.md map directly to the provided code. Minor mismatch: SKILL.md and docx_engine.py reference src/DocForge.csproj but that .csproj file was not listed in the manifest, which could cause dotnet invocations to fail at runtime.
Instruction Scope
SKILL.md confines instructions to document creation, template application, validation, and preview operations. It does not instruct reading unrelated system files or exporting data to third‑party endpoints. However, the runtime code (docx_engine.py) can auto-provision .NET by downloading/ running the official dotnet-install script and will call external tools (curl, powershell, soffice, pandoc) if used — network and tool execution are within the expected scope for this skill but broaden the runtime surface.
Install Mechanism
There is no package install spec (lower platform risk), but the Python runtime includes code to download and run official dotnet-install scripts from https://dot.net. Downloading and executing installer scripts is higher-risk than pure local operations, though the URL used is the official dot.net host. There is also a requirements.txt and optional tooling list (Playwright, LibreOffice, Pandoc); installation of those is left to the user.
Credentials
The skill requests no secrets or service credentials. It uses PROJECT_HOME (optional) and will create output/staging directories under the user's workspace and may write into ~/.dotnet when provisioning .NET. That file- and directory-level access is proportionate to building and validating documents but is invasive to the user's home directory.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable. It does not modify other skills or system agent settings. It will create workspace and output directories in the user's PROJECT_HOME (or CWD) and may install or remove a ~/.dotnet installation when provisioning — this is expected for a tool that depends on the .NET SDK but is a persistent filesystem impact to be aware of.
Assessment
This package appears to be what it says: a document generation and validation tool built with Python and C# OpenXML code. Before running it: 1) Verify that the referenced C# project file (src/DocForge.csproj) exists — some docs reference it but it wasn't listed in the manifest and dotnet commands will fail if missing. 2) Expect the tool to call external programs (curl/powershell, soffice, pandoc) and to download and execute the official dotnet-install script to provision .NET into your home directory (~/.dotnet). If you are uncomfortable with that, run the code in an isolated/sandboxed environment, set PROJECT_HOME to an empty test directory, and review docx_engine.py (guarantee_dotnet/provision_dotnet) before allowing network access. 3) The skill does not request secrets, but it will create .docx outputs under PROJECT_HOME/output and staging files under .docx_workspace; ensure those paths and file writes are acceptable. If you need higher assurance, open and inspect the repo (especially docx_engine.py and any installer invocation) or run python3 <skill-path>/docx_engine.py doctor first to see required tooling and actions.Like a lobster shell, security has layers — review code before you run it.
latestvk9701h6tqxe69vrjwvpz72jc1x82ea74
License
MIT-0
Free to use, modify, and redistribute. No attribution required.