pdf-ppt-docx-xlsx-tools

Pass

Audited by ClawScan on May 12, 2026.

Overview

The provided scripts are a coherent local document-conversion toolkit with no evidence of hidden network access, credential use, persistence, or exfiltration.

This appears safe for normal local document conversion. Before installing, use a virtual environment if possible, install LibreOffice and Python packages from trusted sources, keep backups of important documents, and avoid opening generated HTML from untrusted files unless the converter is updated to escape HTML content.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may run local conversion commands and write files on your machine.

Why it was flagged

The skill is designed around local command execution. That is expected for file conversion, but it means the agent can create or overwrite local output files when used.

Skill content

All operations can be performed by running Python one-liners or short scripts through `execute_command`.

Recommendation

Use explicit, trusted input files and output locations; review commands before running them on important documents.

What this means

Installing the skill may pull code from package repositories onto your machine.

Why it was flagged

The skill depends on several third-party packages, apparently without version pins. This is normal for a conversion toolkit but carries ordinary package supply-chain risk.

Skill content

pip install PyMuPDF pdf2docx python-docx python-pptx openpyxl pandas Pillow pdfplumber

Recommendation

Install dependencies from trusted repositories, consider pinning versions, and use a virtual environment where possible.

What this means

Opening generated HTML from an untrusted DOCX could display or run unintended browser content.

Why it was flagged

DOCX paragraph text is inserted directly into generated HTML without escaping. If an untrusted document contains HTML-like text, the output HTML may contain active markup when opened in a browser.

Skill content

text = para.text ... return f"<p>{text}</p>"

Recommendation

Only open generated HTML from trusted documents, or update the converter to HTML-escape document text before writing it.