Skill v1.0.0
ClawScan security
Office Document Editor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 4:50 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, install spec, and runtime instructions are consistent with a local DOCX/PPTX editing tool; it does not request secrets or contact hidden endpoints, but a small feature mismatch (advertised 'tracked changes') and some user-visible behaviors are worth noting before install.
- Guidance: This skill appears to do what it says: fetch files (uploads/URL/SFTP/local), apply replacements/formatting to DOCX/PPTX, generate diffs, and help commit to Git. Before installing: (1) be aware that 'tracked changes' is implemented as visible formatting (highlights/strike), not Word's revision-tracking metadata; (2) SFTP operations will attempt to connect to hosts you supply and use your system sftp client (you should not supply credentials to untrusted hosts); (3) the skill writes files into your OpenClaw workspace (~/.openclaw/workspace) and can copy edited files back into the workspace media folder; ensure that is acceptable for your data-sensitivity requirements. If you rely specifically on Word's native 'Track Changes' feature, test carefully first. If you want additional assurance, review the scripts locally before running, or run them in an isolated environment.
Review Dimensions
- Purpose & Capability (note): Overall coherent: the package provides utilities to fetch files, edit DOCX/PPTX, generate diffs, and help with Git commits as advertised. Minor mismatch: the README advertises 'tracked changes' while the implementation applies formatting (highlight/strike/bold/underline) and textual replacements rather than generating Microsoft Word revision-tracked changes (the skill marks edits visually, it does not create Word revision metadata).
- Instruction Scope (ok): SKILL.md and included scripts limit actions to fetching files (uploads, URL, SFTP, local), performing edits, generating diffs, and optional Git commit. The scripts reference the agent workspace (~/.openclaw/workspace/media/inbound) and standard tools (curl, sftp, git). They do not read unrelated system config or attempt to exfiltrate data to hidden endpoints.
- Install Mechanism (ok): Install uses the 'uv' packaging/virtual-env mechanism (metadata and uv sync). All executable scripts and Python sources are bundled with the skill; there are no remote downloads from arbitrary URLs or extract-from-URL steps in the install metadata.
- Credentials (ok): No environment variables, credentials, or config paths are required. The skill uses standard user directories (HOME, ~/.openclaw workspace) and common CLI tools (curl, sftp). SFTP operations rely on the system's sftp client and any user-provided credentials or keys — the skill does not request or store secrets itself.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or system-wide configs. It writes files into its skill workspace and the agent media inbound folder (for uploads), which is expected for this functionality.
