My Docx Formatter
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may download third-party Python code from the package ecosystem.
The install script creates a Python virtual environment and fetches python-docx without pinning a version. This is expected for a docx-generation skill, but it depends on the package manager and current package contents at install time.
uv venv ... uv pip install python-docx
Review the install script before running it, use a trusted uv/Python environment, and consider pinning python-docx to a known-good version if reproducibility matters.
The package identity is somewhat ambiguous, so users may want to confirm they are installing the intended formatter.
The embedded metadata differs from the registry metadata shown for this package, which lists a different owner ID, slug, and version. This creates a provenance/packaging inconsistency, though the included source code remains coherent with the stated purpose.
"ownerId": "kn76jdqd5cc8yn3q774rk4bcfs82738j", "slug": "docx-formatter", "version": "1.0.1"
Verify the publisher and package identity in ClawHub before installing, especially if relying on this skill in a managed or organizational environment.