SR
SkillRadar
Agent security + benchmarks
Menu

Security first

Safety Radar beta now; performance benchmarks, private registries, and runtime skill recommendations next.

Trust Report v1

docx

Use this skill whenever the user wants to create, read, edit, or manipulate Word documents (.docx files). Triggers include: any mention of 'Word doc', 'word document', '.docx', or requests to produce professional documents with formatting like tables of contents, headings, page n

Overall
68
Trust
47
Utility
80
Momentum
95

Install caution

High-risk behavior present

Risk: High

Source: Anthropic Skills

Path: skills/docx/SKILL.md

Review flags: filesystem/home-directory access, network access or external URLs, package installation commands, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Shell commands
  • Network/API usage
  • Filesystem/home access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

network_accessmedium

Mentions external URLs, network APIs, downloads, or HTTP client usage.

package_installmedium

Mentions package installation or dependency-fetching commands.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -45 from 4 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 10.
  • Environment variables detected: 0.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 2 day(s) ago.
  • Recent commit volume: 7 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 128456 stars.
  • Fork activity suggests reuse: 15111 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

None detected in SKILL.md text scan.

Commands

  • npm install -g docx
  • python scripts/accept_changes.py input.docx output.docx
  • python scripts/comment.py unpacked/ 0 "Comment text with & and ’"
  • python scripts/comment.py unpacked/ 0 "Text" --author "Custom Author" # custom author name
  • python scripts/comment.py unpacked/ 1 "Reply text" --parent 0 # reply to comment 0
  • python scripts/office/pack.py unpacked/ output.docx --original document.docx
  • python scripts/office/soffice.py --headless --convert-to docx document.doc
  • python scripts/office/soffice.py --headless --convert-to pdf document.docx
  • python scripts/office/unpack.py document.docx unpacked/
  • python scripts/office/validate.py doc.docx

URLs

  • https://example.com

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources