Back to skill
Skillv0.1.0
VirusTotal security
Docx · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:28 AM
- Hash
- 3f4504b1d35d4266372708c73f4b3aeccb9d1039b324bbfc4b95cd9013fcad2d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: docx-2 Version: 0.1.0 The skill bundle provides comprehensive DOCX manipulation tools but includes high-risk technical workarounds for environment compatibility. Specifically, `scripts/office/soffice.py` compiles a C shim at runtime and uses `LD_PRELOAD` to intercept system calls (socket, accept, etc.) to bypass sandbox restrictions on Unix sockets, a technique also used by userland rootkits. Additionally, `scripts/accept_changes.py` dynamically generates LibreOffice macros to automate document tasks. While these mechanisms appear aligned with the stated purpose of running Office tools in restricted environments, the use of runtime compilation and library injection represents a significant security risk and a large attack surface.
- External report
- View on VirusTotal