Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Generate a Word (.docx) document based on the content list provided by the user.

v1.0.0

Create professional Word (.docx) documents from a user-provided content list with styled headings, paragraphs, colors, alignment, and formatting.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (generate .docx documents with styling) align with the code and SKILL.md. The script only implements document creation features (headings, alignment, bold, color). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md restricts runtime behavior to constructing a list of paragraph objects and calling create_word_file. Neither the instructions nor the code attempt to read arbitrary files, environment variables, or external endpoints beyond installing a Python package.
Install Mechanism
There is no formal install spec, but the bundled script will auto-run pip (via subprocess) to install 'python-docx' into the running Python environment if the import fails. This is coherent with the purpose but has operational and supply-chain implications: it performs network downloads from PyPI and modifies the runtime environment.
Credentials
The skill declares no required env vars, credentials, or config paths. The code does not access environment secrets. The single external dependency (python-docx) is proportionate to the task.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system-wide settings, and does not persist credentials. It only saves the generated .docx to the current filesystem, which is consistent with its purpose.
Assessment
This skill appears to do what it claims: build .docx files from a JSON-like content list. Before installing or running it, consider:

1) The script auto-installs python-docx via pip at runtime — if your environment restricts network or package installs, run the install yourself beforehand or review the dependency/version.
2) Running pip from code will modify the Python environment; prefer running in an isolated/sandboxed environment (virtualenv/container) to avoid unintended package changes.
3) Review or pin the python-docx version if you require reproducible builds.
4) The script writes files to the current working directory — ensure that path is acceptable.

If you want a stricter posture, ask the author to remove automatic pip install and document explicit dependency installation instead.

Like a lobster shell, security has layers — review code before you run it.
