Gonggong Hwpxskills Main

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: gonggong-hwpxskills-main
Version: 0.1.1

The skill bundle appears benign, designed for HWPX document processing, including template application and placeholder substitution. The `SKILL.md` provides clear, purpose-aligned commands (`analyze-template`, `apply-template`) for the AI agent, involving expected file operations. Other `README` files contain standard local installation instructions (`pip install -r requirements.txt`) and usage examples (`./run.py`), which are not directed at the agent and do not show malicious intent. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, obfuscation, or malicious prompt injection attempts against the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user follows these instructions from another source, they may install or run code that was not included in the reviewed artifacts.

Why it was flagged

The documentation points to requirements.txt, run.py, and a helper script, but the reviewed manifest contains no code files or install spec. This is a provenance/completeness issue rather than evidence of malicious behavior.

Skill content

python3 -m pip install --user -r requirements.txt
...
./run.py apply-template assets/report-template.hwpx mapping.json outputs/out.hwpx
...
scripts/fix_namespaces.py

Recommendation

Before running install.sh, pip requirements, run.py, or helper scripts, verify they come from the intended trusted repository/release and review their contents.