ClawHub

docx-skill

v1.0.0

Create, read, edit, and manipulate Word documents (.docx). Supports text, tables, images, headers, footers, styles, and tracked changes.

0· 303·1 current·1 all-time
by@weaglewang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (create/read/edit .docx) align with the SKILL.md content: it documents using the npm 'docx' library, pandoc, and python-docx for reading and conversion. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md provides example code and shell one-liners that operate on .docx files (create files, read/convert with pandoc/python-docx). It does not instruct reading unrelated system files or environment variables. Note: examples will read/write files in the working directory and recommend installing/using system tools — typical for this purpose.
Install Mechanism
There is no automated install spec in the registry entry (instruction-only). The README suggests installing packages via npm, brew, and pip — all are standard package managers and expected for this task. Be aware these are global/system installs (npm -g, brew cask) which modify the host environment and require network access; the instructions do not pull from arbitrary URLs.
Credentials
The skill declares no required environment variables, credentials, or config paths. The requested tools are proportional to the stated functionality (document creation/conversion and optional image/PDF handling).
Persistence & Privilege
always is false and the skill does not request persistent system privileges or to modify other skills. It is user-invocable and can be called autonomously (platform default), which is expected for a processing skill.
Scan Findings in Context
[no-findings] expected: The static regex scanner found nothing; this is expected because the registry entry contains only a SKILL.md (instruction-only) and no code files for analysis.
Assessment
This skill appears coherent and only requires standard document-processing tools. Before installing, confirm you trust installing system packages via npm/brew/pip (they run with your account permissions and need network access). If you run agent-executed examples, be aware they will read/write files in the current working directory. Verify package sources (npm and Homebrew are standard) and avoid running untrusted .docx files or executing commands copied verbatim without review. If you need stronger assurance, ask the publisher for a source repository or signed release artifacts before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk976b5hgcdys6jk4tjvth3dmtx83c1en

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments