Gonggong Hwpxskills Main

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user follows these instructions from another source, they may install or run code that was not included in the reviewed artifacts.

Why it was flagged

The documentation points to requirements.txt, run.py, and a helper script, but the reviewed manifest contains no code files or install spec. This is a provenance/completeness issue rather than evidence of malicious behavior.

Skill content

python3 -m pip install --user -r requirements.txt
...
./run.py apply-template assets/report-template.hwpx mapping.json outputs/out.hwpx
...
scripts/fix_namespaces.py

Recommendation

Before running install.sh, pip requirements, run.py, or helper scripts, verify they come from the intended trusted repository/release and review their contents.