v0.2.1

Hwp Batch Convert

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 7:45 AM.

Analysis

This skill appears aligned with local Windows HWP/HWPX batch conversion, but users should notice that it can write many output files and optionally auto-click a Hancom security prompt.

Guidance: Before running, preview with `--plan-only --json`, confirm the input and output folders, avoid `--overwrite` unless intended, and enable automatic dialog approval only for trusted Hancom documents and workflows.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`--auto-allow-dialogs`: automatically clicks only security pop-ups that satisfy all of these conditions: title `한글`, body containing `접근하려는 시도`, and button `모두 허용`/`허용`

The skill can automatically click a Hancom security/permission dialog. This is clearly disclosed and constrained by a whitelist, but it bypasses a human confirmation step when enabled.

User impact: If enabled, the conversion can proceed through matching Hancom security prompts without the user manually approving each one.
Recommendation: Use `--auto-allow-dialogs` only when you trust the documents and the Hancom automation session; otherwise run without it and handle prompts manually.

Cascading Failures
Severity: Low | Confidence: High | Status: Note
SKILL.md
`--include-sub`: include subfolders (default) ... `--overwrite`: allow outputs with the same name ... first check the targets/skipped items/output paths with `--plan-only --json`.

The skill is designed for recursive batch conversion and can optionally overwrite outputs. The plan-only step helps contain mistakes, but a wrong folder or overwrite choice could affect many files.

User impact: A broad input folder or overwrite option could create or replace many output files in one run.
Recommendation: Run `--plan-only --json` first, review the target/output paths, and avoid `--overwrite` unless you are sure.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: Medium | Status: Note
metadata
OS restriction: none; Required binaries: none; Required env vars: none; No install spec

The registry metadata does not encode the Windows/Hancom/pywin32 runtime assumptions that the SKILL.md documents. This is an under-declared environment requirement rather than hidden behavior.

User impact: The skill may fail or behave unexpectedly if invoked outside a suitable Windows Hancom HWP environment.
Recommendation: Install/use it only on Windows with Hancom HWP and the required Python COM automation support available.