ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hwp Batch Convert Repo

v0.2.0

Batch-convert 한컴 한글 문서(HWP/HWPX) to PDF, HWPX, DOCX, ODT, HTML, RTF, TXT, and image formats on Windows using HWP COM automation. Use when the user asks for 이...

0· 67·0 current·0 all-time
by@twbeatles
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (batch-convert HWP/HWPX on Windows) matches the included script and docs. Required system capabilities (Windows, Hancom HWP installation, pywin32) are documented in SKILL.md and the code. There are no extraneous credentials or unrelated service requirements.
Instruction Scope
Runtime instructions are narrowly scoped to enumerating HWP files, planning conversions, and invoking local COM automation. The only elevated scope is an optional UI automation feature (--auto-allow-dialogs) that scans windows and will click buttons that meet a strict whitelist (title == '한글', body contains '접근하려는 시도', button '모두 허용' or '허용'). This behavior is coherent with the purpose but is a system-level UI interaction you should enable only when you understand the implications.
Install Mechanism
No install spec (instruction-only skill) — the script is included directly. No network downloads or external installers are performed by the skill itself. Note: pywin32/Windows dependencies are required at runtime but are only mentioned in the docs (not enforced by an install step).
Credentials
The skill requests no environment variables or credentials. All filesystem and process interactions are proportional to a local conversion tool (reading input files, creating output files, enumerating local processes via tasklist).
Persistence & Privilege
always:false and no modifications to other skills or agent-wide settings. The skill does not request persistent elevation or automatic inclusion. It performs local file I/O and transient Win32 API calls while running.
Assessment
This skill appears internally consistent with its stated purpose, but take these precautions before running it: 1) Only run on Windows machines with Hancom HWP installed and pywin32 available; use --plan-only and/or --mode mock first to verify targets and outputs. 2) Be cautious enabling --auto-allow-dialogs: it will programmatically click matching system dialogs (limited by a whitelist) — enable only when you trust the environment and test the handler locally with --self-test-dialog-handler. 3) Review where outputs and reports are written to avoid accidental overwrite, and do not run the tool with unnecessary elevated privileges. 4) If you need an explicit dependency/install step (pywin32), add it or install it beforehand. If you want extra assurance, inspect the full script (included) and test on a small sample set.

Like a lobster shell, security has layers — review code before you run it.

latestvk975mf2myxdhbsks0kyj7rks1s839aet

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments