Skill v1.0.1
ClawScan security
docx-md · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 2:03 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's included Python scripts and instructions match its stated purpose (read → edit JSON → write .docx) and there are no unrelated credentials, network endpoints, or install steps that contradict that purpose.
- Guidance: This package appears coherent and implements what it advertises. Before installing or running: (1) review and test on copies of documents (the finalize script uses regex on XML, which can be fragile); (2) be aware the code is GPL-3.0, so incorporating it into proprietary code may have license implications; (3) install the required Python packages (lxml, docx-revisions) in an isolated environment; (4) because the source is 'unknown', if you need high assurance consider auditing the scripts (they are included) or running them in a sandbox; and (5) always supply explicit file paths; the scripts operate on files you give them and do not attempt network communication or secret collection.
Review Dimensions
- Purpose & Capability (ok): The name/description (docx → compact markdown/JSON → apply edits → finalize) match the actual artifacts: three scripts (read, apply, finalize), requirements (lxml, docx-revisions), and documentation. There are no requested environment variables, binaries, or external credentials unrelated to DOCX processing.
- Instruction Scope (note): SKILL.md and the scripts limit actions to reading a supplied .docx, producing Markdown/JSON, applying edits to a supplied .docx, and finalizing (accept changes/remove comments). All file I/O is explicitly on user-provided paths. One implementation detail to note: finalize_docx removes comment markup by decoding document.xml as UTF-8 and applying regex replacements on raw XML bytes (a fragile approach that can corrupt edge-case documents), but this is a scope/robustness issue rather than extraneous or malicious behavior.
- Install Mechanism (ok): There is no platform install spec (instruction-only install). The bundled requirements.txt lists lxml and docx-revisions (both reasonable for OOXML manipulation). No downloads from arbitrary URLs or archive extraction are present.
- Credentials (ok): The skill requests no environment variables or secrets. The only runtime inputs are file paths supplied by the user; dependencies are standard Python packages relevant to the stated functions.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills or global agent configuration, and does not require ongoing background presence. It performs one-shot file operations when invoked.
