docx
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent DOCX editing skill, but it uses local document-processing commands and an optional unpinned npm setup step that users should approve deliberately.
This skill is reasonable for DOCX work, but use it on copies of important documents, confirm file paths before running pack/unpack commands, and explicitly approve any package installation such as the global npm docx install.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may spend extra time/context reading bundled documentation before creating or editing documents.
The skill strongly controls the agent's workflow by requiring full reads of bundled reference files. This is limited to the skill's own DOCX guidance and supports the stated purpose, so it is a note rather than a concern.
**MANDATORY - READ ENTIRE FILE** ... **NEVER set any range limits when reading this file.**
Keep these instructions scoped to the skill’s own reference files and do not let content extracted from user documents override the user’s request.
A mistaken path or instruction could modify the wrong document or produce an unwanted replacement file.
The skill directs local script execution and document file writes. This is expected for DOCX editing, but users should be aware it can change or overwrite selected Office files.
Unpack the document: `python ooxml/scripts/unpack.py <office_file> <output_directory>` ... Create and run a Python script using the Document library ... Pack the final document: `python ooxml/scripts/pack.py <input_directory> <office_file>`
Run workflows on copies of important documents, verify input/output paths, and review tracked changes before accepting them.
Installing a global package can affect other projects and may fetch whatever version is current from the registry.
The documented setup uses an unpinned global npm install. This is purpose-aligned for generating DOCX files, but it modifies the local Node environment and depends on the package source at install time.
Assumes docx is already installed globally If not installed: `npm install -g docx`
Approve this install explicitly, prefer a pinned/project-local dependency where possible, and install only from a trusted registry.