Doc Handler - 文档处理
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any document opened with this skill may be visible to the agent, and text inside the document should be treated as untrusted content rather than instructions.
The tool extracts and prints the contents of a user-selected document, which is expected for a document reader but means private or instruction-like document text can enter the agent context.
filepath = sys.argv[2] ... if cmd == 'read': ... print(read_file(filepath))
Use the skill only on files you intend the agent to read, and treat extracted document text as data that may contain sensitive or misleading content.
Users may need to install dependencies themselves and should ensure they come from trusted package sources.
The skill depends on Python packages but does not provide a source homepage, install specification, or pinned dependency information; this is a provenance/setup gap, not evidence of malicious behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install required packages from trusted repositories, consider pinning versions, and verify the included code before use.
Users may expect editing support that the provided code does not actually implement.
The documentation advertises editing/writing support, but the included source only accepts `read`; this could mislead users about available functionality, though no hidden or destructive write behavior is shown.
description: 读取和编辑 Word、PDF、Excel 文档 ... | 写入 Word | `python3 -m doc_handler write docx 文件 "内容"` |
Treat this skill as a document reader unless a reviewed write implementation is added.