Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TDOC Docx

v1.0.0

Complete Word Document Processing Skill. Create, read, edit, convert Word documents. Supports .docx/.doc formats, Chinese official-document formatting, tables, images, tr...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Word document lifecycle: create/read/edit/convert/diff/comment) aligns with the provided scripts and declared binaries. Required binaries (python3, uv) and the requested system tools (LibreOffice, pandoc, poppler, antiword) are appropriate for the stated conversion and extraction tasks.
Instruction Scope
SKILL.md and the scripts direct the agent to operate on local files (create, unpack/pack, edit XML, convert formats). Instructions do not ask for unrelated files, environment variables, or external endpoints. The skill declares an automatic trigger for document-related requests (routing rules) — this is a functional behavior rather than unexpected data access.
Install Mechanism
Install is provided (install.sh) and uses pip/uv and platform package managers (brew/apt/yum) to install Python deps and system packages (LibreOffice, pandoc, poppler, antiword). These are standard but do run network installs and may call sudo on Linux — review and run in a controlled environment if you don't want system changes.
Credentials
The skill requests no environment variables, no secrets, and no config paths. All operations appear to be local file manipulation and validation; no credentials or unrelated system configs are requested.
Persistence & Privilege
Flags: always=false, user-invocable=true, model invocation enabled (default). The skill does not request permanent/always-on inclusion or modify other skills. Autonomous invocation is allowed by default — this is normal but worth noting if you prefer to restrict autonomous tool use.
Assessment
This skill appears coherent and implements DOCX processing locally. Before installing: (1) review install.sh since it will install Python packages and system packages (may require sudo) — run it in a VM or sandbox if you want to avoid system changes; (2) inspect any helper scripts that could fetch network resources (e.g., scripts/fetch_file.sh) to confirm there are no unexpected remote downloads; (3) if you don't want the agent to call the skill autonomously, disable model invocation for this skill in agent settings; (4) no secrets or external API keys are required by the skill, so there is no obvious credential exfiltration path. If you want higher assurance, run the code in an isolated environment and audit scripts that invoke subprocesses (LibreOffice/pandoc) or perform external installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk5hv4reqhy0vpv94tqmtbx82ra0e

Runtime requirements

📄 Clawdis
Bins: python3, uv

Install

uv
Bins: create_docx.py, read_docx.py, edit_docx.py, convert_docx.py, diff_docx.py, word_count.py