← Back to Skills Marketplace
Doc Handler - 文档处理
by
xaiohuangningde
· GitHub ↗
· v1.0.0
1619
Downloads
0
Stars
9
Active Installs
1
Versions
Install in OpenClaw
/install doc-handler
Description
读取和编辑 Word、PDF、Excel 文档。使用 python-docx、pdfplumber、openpyxl
README (SKILL.md)
doc-handler - 文档处理工具
功能
| 功能 | 命令 |
|---|---|
| 读取 Word | python3 -m doc_handler read docx 文件 |
| 读取 PDF | python3 -m doc_handler read pdf 文件 |
| 读取 Excel | python3 -m doc_handler read xlsx 文件 |
| 写入 Word | python3 -m doc_handler write docx 文件 "内容" |
使用示例
# 读取 Word 文档
python3 -c "from docx import Document; d = Document('file.docx'); print('\\
'.join([p.text for p in d.paragraphs]))"
# 读取 PDF
python3 -c "import pdfplumber; with pdfplumber.open('file.pdf') as pdf: print(pdf.pages[0].extract_text())"
# 读取 Excel
python3 -c "import pandas; df = pandas.read_excel('file.xlsx'); print(df)"
依赖
- python-docx
- pdfplumber
- openpyxl
- pandas
Usage Guidance
This package appears to be a simple document reader, but the SKILL.md advertises a 'write' command that the included script does not implement — likely a documentation/code mismatch. Before installing or enabling: (1) review and test the provided doc_handler.py locally in a sandbox, (2) install the listed Python packages (python-docx, pdfplumber, openpyxl, pandas) in a controlled environment, (3) do not pass sensitive files to the skill unless you trust where its output will go (the tool prints file contents to stdout which could be forwarded by the agent), and (4) if you need write functionality, request the author/publisher for a corrected implementation or add/verify the write logic yourself. The mismatch suggests sloppy packaging rather than obvious malicious intent, but exercise caution and avoid granting the agent access to private files until you're comfortable with the code.
Capability Analysis
Type: OpenClaw Skill
Name: doc-handler
Version: 1.0.0
The skill is classified as suspicious due to a significant arbitrary file read vulnerability. The `doc_handler.py` script takes a file path directly from command-line arguments and attempts to read it, regardless of its location or sensitivity. This allows an attacker, through prompt injection against the AI agent, to potentially read any file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). While the `SKILL.md` examples are benign, they demonstrate the agent's ability to execute arbitrary Python code, further highlighting the risk of code execution if the agent is prompted maliciously. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name/description match the code's primary functionality: reading .docx, .pdf, and .xlsx files. Declared dependencies (python-docx, pdfplumber, openpyxl, pandas) align with those capabilities. However SKILL.md claims a 'write docx' command that the provided code does not implement, which is an incoherence between advertised capability and delivered code.
Instruction Scope
SKILL.md instructs running the module to read and (per the command table) write documents, but doc_handler.py only implements reading and a simple CLI for 'read'. Examples in SKILL.md also show ad-hoc python -c snippets (which are fine) but the presence of an advertised write command that has no implementation is misleading. The runtime instructions do not reference network calls or extra env vars; they do, however, instruct reading arbitrary files supplied to the tool — these files can contain sensitive data, so callers should be careful about where output goes.
Install Mechanism
No install specification is provided and this is an instruction- + single-file code skill. Nothing is downloaded or installed automatically by the skill itself, which reduces install-time risk. The user will need to install the declared Python packages manually or in their environment.
Credentials
No environment variables, credentials, or config paths are requested. That is proportional to the stated purpose. The skill reads local files only and does not request unrelated secrets.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills/configuration. It runs only when invoked and does not request elevated platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install doc-handler - After installation, invoke the skill by name or use
/doc-handler - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of doc-handler.
- Supports reading and editing Word, PDF, and Excel documents.
- Utilizes python-docx, pdfplumber, and openpyxl libraries for document processing.
- Provides command-line usage examples for each supported file type.
Metadata
Frequently Asked Questions
What is Doc Handler - 文档处理?
读取和编辑 Word、PDF、Excel 文档。使用 python-docx、pdfplumber、openpyxl. It is an AI Agent Skill for Claude Code / OpenClaw, with 1619 downloads so far.
How do I install Doc Handler - 文档处理?
Run "/install doc-handler" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Doc Handler - 文档处理 free?
Yes, Doc Handler - 文档处理 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Doc Handler - 文档处理 support?
Doc Handler - 文档处理 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Doc Handler - 文档处理?
It is built and maintained by xaiohuangningde (@xaiohuangningde); the current version is v1.0.0.
More Skills