Document Diff
v0.1.0Compare two documents (PDF, Word, images, PPT) and generate a structured diff report highlighting what changed, what was added, and what was removed. Uses So...
⭐ 1· 27·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, SKILL.md, and document_diff.py consistently describe parsing two documents via SoMark and diffing the resulting Markdown. The single required env var (SOMARK_API_KEY) is exactly what the code uses to call somark.tech, so requested capabilities match the stated purpose.
Instruction Scope
SKILL.md and the script instruct the agent to upload both files to somark.tech and save parsed Markdown and a diff locally. This is expected for the task, but it means user documents are transmitted off-host; SKILL.md mentions the parse step but does not clearly warn about potential confidentiality/privacy implications beyond a brief 'treat parsed content as data' note.
Install Mechanism
There is no install spec (instruction-only), which avoids hidden installers. However, the script imports aiohttp (an external dependency) but the skill metadata does not declare dependencies or how to install them; runtime will fail if aiohttp is missing. No downloads from untrusted URLs are performed by the skill itself.
Credentials
The only required environment variable is SOMARK_API_KEY (declared as primaryEnv) and the code reads only that. This single credential is proportional to the stated need to call the SoMark API.
Persistence & Privilege
always:false and the skill does not modify other skills or global configs. It writes output files to a user-specified directory only. Autonomous invocation is allowed by default but not combined with other broad privileges here.
Assessment
This skill appears to do what it says: it uploads both documents to somark.tech using your SOMARK_API_KEY, receives parsed Markdown, and creates a local diff report. Before installing or running it, consider the following: 1) Privacy: both full documents (and their content) will be uploaded to somark.tech — do not use this on sensitive/confidential files unless you trust SoMark's policies and controls. 2) Credentials: only SOMARK_API_KEY is required; give the minimum-permission key and keep it secret. 3) Dependencies: the Python script uses aiohttp but the skill does not declare how to install it — ensure your environment has the required packages (pip install aiohttp) and a recent Python. 4) Provenance: the skill has no homepage and an unknown owner; _meta.json lists version 0.1.1 while the registry metadata shows 0.1.0 — this mismatch and lack of source URL reduce transparency. 5) Test first: run on non-sensitive sample documents to confirm behavior and to verify the outputs and timing. If you need on-premise/offline processing for sensitive files, look for or request an offline alternative instead of uploading to a third-party API.Like a lobster shell, security has layers — review code before you run it.
latestvk97dc0yh6j8bz1vd3mkx86zqdd848cha
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
EnvSOMARK_API_KEY
Primary envSOMARK_API_KEY