Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docx

v1.0.0

Use this skill whenever the user wants to create, read, edit, or manipulate Word documents (.docx files). Triggers include: any mention of 'Word doc', 'word...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Overall the packaged code (unpack/pack/validate/comment/accept_changes/etc.) matches the stated purpose of creating, reading, editing, and validating .docx files. However, SKILL.md emphasizes JavaScript 'docx' (npm) for creation while the bundle is heavily Python-based and provides many Python scripts for unpacking/modifying/repacking DOCX XML. The skill's metadata declares no required binaries or env vars, yet the code expects/uses LibreOffice (soffice), pandoc, pdftoppm, and optionally gcc. This mismatch (documented toolchain in SKILL.md vs. actual code and missing declared runtime requirements) is unexpected and should be clarified.
[!] Instruction Scope
Runtime instructions and included scripts instruct the agent to run local binaries and manipulate arbitrary Office files on disk (e.g., python scripts that unpack/repack XML, run pandoc, call soffice). The accept_changes flow installs a LibreOffice macro into a user profile directory and then invokes soffice to execute that macro. The soffice helper may create a compiled LD_PRELOAD shim and set LD_PRELOAD in the environment. The instructions therefore give the skill permission to write files outside its own directory (e.g., /tmp/libreoffice_docx_profile, temporary C source and .so), compile native code, and change subprocess environment variables — all of which are within the skill but broader than simple XML editing and deserve attention.
[!] Install Mechanism
There is no declared install spec, but the included code dynamically generates C source and invokes 'gcc' to build an LD_PRELOAD shim (scripts/office/soffice.py -> _ensure_shim uses subprocess.run to call gcc and write lo_socket_shim.so in the temp dir). Although the source is local (no remote download), compiling and LD_PRELOADing native code is higher risk and requires gcc to be available. The skill also expects external binaries (soffice, pandoc, pdftoppm) that are not declared in the registry metadata.
Credentials
The skill does not request secrets or environment variables in metadata. The code manipulates environment only to set SAL_USE_VCLPLUGIN and (conditionally) LD_PRELOAD for soffice. It does not read cloud keys or other credentials. From a credential/secrets perspective the requests are proportional to the purpose.
[!] Persistence & Privilege
The skill writes files outside its package area (e.g., /tmp/libreoffice_docx_profile for a LibreOffice profile and macro, /tmp C source and compiled .so). It installs a LibreOffice macro (ACCEPT_CHANGES_MACRO) into that profile so LibreOffice will execute code via macro dispatch. While the macro's source is included and appears limited to accepting tracked changes, installing macros in a user profile is a behavior that affects future LibreOffice invocations and can be surprising. The LD_PRELOAD shim being compiled and used is transient but gives the skill the ability to change process behavior at runtime. The skill does not set always:true and does not modify other skills' configs.
What to consider before installing
This bundle mostly does what it says (tools to unpack, edit, validate, and re-pack .docx files), but there are several things to review before installing:
- Undeclared runtime requirements: The package expects system binaries that are not listed in metadata (LibreOffice 'soffice', 'pandoc', 'pdftoppm', and 'gcc' for the shim). If you plan to use it, ensure these are installed in a controlled environment.
- Native compile & LD_PRELOAD: The code writes C source to the temp directory and runs 'gcc' to produce an LD_PRELOAD .so (scripts/office/soffice.py). LD_PRELOAD alters process behavior and can be risky; inspect the C source (present in the repo) and only run in a sandbox or on machines you control.
- LibreOffice macro installation: accept_changes.py writes a LibreOffice macro into a profile under /tmp and then invokes soffice to run it. Macros can execute code; although the included macro appears limited to accepting tracked changes, installing macros into a profile is a persistent action (in /tmp until cleared) and may surprise users or administrators.
- SKILL.md vs implementation mismatch: SKILL.md recommends using JavaScript 'docx' (npm) for creation, but almost all contained logic is Python-based XML manipulation and validation. Ask the author to clarify recommended toolchain and to declare required binaries.
- Licensing and distribution: LICENSE.txt is restrictive (Anthropic license-like terms). Make sure the license terms are acceptable for your environment.

Recommended actions before installing:
- Review the included C shim, the LibreOffice macro, and the Python scripts yourself or with a trusted reviewer.
- Run the skill in an isolated sandbox/container with limited privileges first.
- Request the author update the registry metadata to list required system binaries and explain why the LD_PRELOAD shim and macro installation are necessary.
- If you cannot audit these elements, avoid installing on sensitive hosts or with elevated privileges.

Like a lobster shell, security has layers — review code before you run it.
