hwp-reader
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherently focused on reading Korean HWP/HWPX documents, with only expected local Python and dependency setup considerations.
This skill appears safe for its stated purpose, but only use it on HWP/HWPX files you want the agent to read. If pyhwp must be installed, verify the package source and version first.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run Python locally to read document contents, so it should only be used on files the user intends to disclose to the agent.
The skill tells the agent how to run local Python commands to parse HWP/HWPX files. This is central to the document-reading purpose, but it is still local code execution on user-selected files.
python3 -c "\nfrom hwp5.hwp5txt import main\nimport sys\nsys.argv = ['hwp5txt', 'FILE_PATH']\nmain()\n"
Use the skill only with explicit file paths you trust and want analyzed; avoid letting the agent choose broad directories or unrelated files.
If the dependency is installed, the user may pull package code from an external package source.
The artifact documents an unpinned pip-installed dependency and a local author-specific install path, while the registry metadata declares no required binaries or install spec. This appears purpose-aligned but should be verified before installation.
- **pyhwp** (`pip install pyhwp`) — installed at `/Users/mupeng/Library/Python/3.9/lib/python/site-packages/hwp5/`
Install pyhwp only from a trusted source, consider pinning a known-good version, and confirm the dependency is needed in the local environment.