Wps Skill
ReviewAudited by ClawScan on May 1, 2026.
Overview
This WPS Office skill is coherent and mostly transparent, but it can automate your desktop, modify local documents, and optionally use WPS cloud credentials.
Install this only if you trust it to automate your local WPS Office environment. Be cautious with batch conversions, keep the intended document window active when GUI automation is used, and do not enter WPS 365 credentials unless you need cloud features and can protect the local config file.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the active window is not WPS, generated text could be typed into another app.
The skill clearly discloses that it can simulate keyboard input and may interact with the currently active window, which is expected for office automation but can affect the wrong application if focus is not controlled.
GUI 自动化:本 Skill 使用 `pyautogui` 进行键盘输入模拟,可能会与当前活动窗口交互
Use the skill only in a trusted desktop session, keep the intended WPS document focused, and avoid running unrelated sensitive apps while using GUI automation.
The skill can open local files and applications as part of document workflows.
The code launches WPS or opens documents through local subprocess calls. This is purpose-aligned for a WPS automation skill and uses argument lists rather than shell interpolation in the shown snippets.
subprocess.Popen(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
Review requested file paths before allowing the agent to open or convert documents, especially when operating on important work files.
If configured, the skill may act through the WPS 365 application credentials and access cloud collaboration features allowed by that app.
The skill supports optional WPS 365 cloud features that require application credentials. This is disclosed and purpose-aligned, but the registry metadata declares no primary credential.
WPS 365 功能需要配置 `app_id` 和 `app_secret`
Only configure WPS 365 credentials if you need cloud features, grant the minimum API permissions, and rotate or remove the credentials when no longer needed.
Anyone with access to the config file could read configured WPS app credentials.
The included configuration file has empty credential fields, indicating no hardcoded secret, but it also shows that users may store WPS app credentials in a local plaintext config file.
"app_id": "", "app_secret": ""
Keep config.json private, avoid using shared devices for credential storage, and prefer environment-variable or secret-manager storage if supported later.
Different package versions may behave differently or introduce dependency risk.
The installation instructions use unpinned package names and there is no install spec, so dependency versions and provenance are left to the user's environment. This is common for instruction-only skills but worth noticing.
pip install requests pyautogui pyperclip Pillow
Install dependencies from trusted package indexes, consider pinning versions in your own environment, and review the included scripts before use.