ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Word DOCX

v1.0.2

Create, inspect, and edit Microsoft Word documents and DOCX files with reliable styles, numbering, tracked changes, tables, sections, and compatibility check...

0· 119·1 current·1 all-time
by@nicenasa·duplicate of @tonydesign1999/word-docx-1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and SKILL.md all align: detailed, OOXML-aware guidance for creating, inspecting, and editing .docx files. The instructions stay on-topic (styles, numbering, sections, tracked changes, fields).
Instruction Scope
Instructions are self-contained guidance for handling DOCX internals; they do not instruct reading unrelated system files, accessing external endpoints, or exfiltrating data. No vague 'gather whatever context you need' directives are present.
Install Mechanism
This is instruction-only (no install spec, no code). That is low-risk. However, _meta.json ownerId (kn73vp5r...) does not match the registry Owner ID shown in the listing (kn71ehc...), and the source is listed as 'unknown' — a provenance/metadata inconsistency worth verifying.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for an instruction-only docx editing guidance skill.
Persistence & Privilege
always is false and there is no install or behavior that modifies other skills or system settings. The skill can be invoked by the agent (normal), but it does not request persistent privileges.
What to consider before installing
The skill's content is coherent and appears focused on safe, careful DOCX editing. The main concern is provenance: the _meta.json ownerId differs from the registry owner ID and the source is listed as 'unknown'. Before installing or running it on sensitive documents: (1) verify the publisher (check the homepage and registry page for consistent owner IDs and contact info); (2) prefer testing on non-sensitive sample documents first; (3) if you care about privacy, remember the agent/model will process document content (platform-level data handling) — confirm how document data is transmitted/stored by your agent/platform. If provenance can't be confirmed, treat this skill as untrusted and avoid running it on confidential files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ax7180xcwyect7ege6p3c7h8397p0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📘 Clawdis
OSLinux · macOS · Windows

Comments