Document Format Skills

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: document-format-skills
Version: 1.0.0

The skill bundle is a legitimate utility for processing and formatting Word documents (.docx) according to Chinese standards (e.g., GB/T 9704-2012). The Python scripts (analyzer.py, formatter.py, punctuation.py) use the standard 'python-docx' library to perform document diagnostics, punctuation correction, and style application, and show no evidence of network access, data exfiltration, or malicious execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user supplies the wrong output path or overwrites an important file, the document formatting or text could be changed.

Why it was flagged

The skill is intended to run local scripts that read a DOCX and write an output DOCX. This is coherent with the purpose, but it is still file-mutation authority.

Skill content

uv run --with python-docx python3 scripts/punctuation.py input.docx output.docx

Recommendation

Run it on copies or use a separate output filename, especially for important or confidential documents.

What this means

The first run may fetch a Python package from the configured package index, so the user is relying on that package source.

Why it was flagged

The documented workflow dynamically installs python-docx at runtime via uv. This is expected for the skill, but the dependency version/source is not pinned in the artifacts.

Skill content

- python-docx

Installed automatically using `uv run --with python-docx`.

Recommendation

Use a trusted Python package index and consider pinning python-docx in a controlled environment if reproducibility matters.

What this means

Small excerpts from sensitive documents may be visible in logs or the agent conversation during processing.

Why it was flagged

The punctuation fixer prints short previews of modified paragraphs, which can place document content into the terminal or agent transcript.

Skill content

preview = para.text[:50] + "..." if len(para.text) > 50 else para.text
print(f"  Para {i + 1}: {preview}")

Recommendation

Avoid running it on documents whose contents should not appear in the agent session, or remove/reduce preview logging before use.