Wps Skill

Status: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: wps-office
Version: 1.0.1

The skill provides legitimate WPS Office automation but contains several critical vulnerabilities due to insufficient input sanitization. Specifically, `scripts/main.py` passes `sys.argv` parameters such as `content` directly to `pyautogui.typewrite`, which can lead to arbitrary command execution if an attacker can control the AI agent's prompt while a terminal is the active window. Furthermore, the `filepath` and `directory` parameters are passed to `subprocess.Popen` and to `os.path.expanduser`/`os.listdir` without robust validation, posing shell injection and path traversal risks. The WPS 365 cloud API controllers also pass user-controlled arguments (e.g., `endpoint`, `data`, `filters`) directly to `requests` calls, enabling potential API abuse or server-side request forgery (SSRF) against `open.wps.cn` using the user's configured `app_id` and `app_secret`. While `SKILL.md` transparently warns about GUI automation risks, the code lacks safeguards against malicious input, making the skill highly susceptible to prompt injection attacks against the AI agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used while another app is focused, the agent could type document content into an unintended window.

Why it was flagged

The skill explicitly discloses that it can simulate keyboard input into the currently active window, which is expected for GUI office automation but can affect the wrong window if focus changes.

Skill content
GUI automation: this Skill uses `pyautogui` to simulate keyboard input and may interact with the currently active window
Recommendation

Use this skill only in a trusted desktop session, keep WPS focused during GUI automation, and review actions before allowing document creation or editing.

What this means

Configured credentials could allow the skill to access or manage WPS 365 resources within the permissions granted to the WPS application.

Why it was flagged

The skill can use WPS Open Platform credentials for WPS 365 cloud features; this is purpose-aligned and disclosed, but it grants access to a cloud account or app context.

Skill content
WPS 365 features require configuring `app_id` and `app_secret`
Recommendation

Use least-privilege WPS app credentials, avoid shared machines, rotate secrets periodically, and leave the credentials blank if cloud features are not needed.

What this means

Future dependency versions could behave differently from the versions the author tested.

Why it was flagged

The documented setup installs third-party Python packages without version pins; these packages are relevant to the skill, but unpinned installs can change over time.

Skill content
pip install requests pyautogui pyperclip Pillow
Recommendation

Install dependencies from trusted package sources and consider pinning known-good versions in a controlled environment.

Note (High Confidence)
ASI08: Cascading Failures
What this means

A mistaken directory or format choice could create or alter many files at once.

Why it was flagged

The skill supports batch conversion across a directory, which is aligned with its purpose but can affect many local documents in one operation.

Skill content
python scripts/main.py batch_convert dir=~/Documents format=pdf
Recommendation

Run batch operations on a small test folder first and keep backups of important documents.