Add 9 skills from marketplace #9

Open
itsablabla wants to merge 1 commit into main from capy/skills/9-skills-1776656913308

@itsablabla
Owner

@itsablabla itsablabla commented Apr 20, 2026

Added from Capy skills marketplace:

  • scrape from brightdata/skills
  • web-search from skillssh/skills
  • python-executor from skillssh/skills
  • browser-use from browser-use/browser-use
  • skill-creator from anthropics/skills
  • pdf from anthropics/skills
  • docx from anthropics/skills
  • pptx from anthropics/skills
  • xlsx from anthropics/skills

@itsablabla itsablabla added the capy:skills Skills editor update label Apr 20, 2026 — with Capy AI
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

except subprocess.TimeoutExpired:
return (
None,
f"Successfully accepted all tracked changes: {input_file} -> {output_file}",

WARNING: TimeoutExpired is caught and treated as success

When the 30-second timeout fires, LibreOffice has not finished writing the file. The output DOCX will likely be incomplete or corrupt. Returning the success message here is incorrect — a timeout means the operation did not complete.

The TimeoutExpired branch should return an error, not a success message:

Suggested change
f"Successfully accepted all tracked changes: {input_file} -> {output_file}",
None,
f"Error: LibreOffice timed out accepting changes for: {input_file}",
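
Review bot: As rendered, the suggestion swaps the single success-string line for two lines, `None,` and the error f-string, while the `None,` that already opens the tuple in the context above stays in place, so the timeout branch would return three elements instead of two. Replace only the message string, and check which slot the function's other return paths use to signal failure before deciding whether the first element should stay None.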

date=ts,
initials=initials,
para_id=para_id,
text=text,

WARNING: Unsanitized text is interpolated directly into an XML template

The COMMENT_XML template uses Python string .format() to insert text verbatim. If the caller passes a string containing <, >, &, ", or ' characters (common in document comments), the resulting <w:t> element will contain malformed XML and _append_xml will fail or silently produce a corrupt document.

The docstring says text must be "pre-escaped XML," but this is not enforced programmatically. At minimum, apply xml.sax.saxutils.escape(text) before formatting, or use DOM APIs to set the text node value (which handle escaping automatically).
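
An added illustration of the point in the comment above, not code from the PR or from comment.py: it compares verbatim formatting with escaping at the boundary. The template is a constructed stand-in for COMMENT_XML (not shown on this page), and `render_unsafe`, `render_escaped` and `parse_comment` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# Constructed stand-in for COMMENT_XML; the real template is not shown here.
COMMENT_TEMPLATE = (
    '<w:comment xmlns:w="' + W + '" w:id="{id}" w:author="{author}">'
    "<w:p><w:r><w:t>{text}</w:t></w:r></w:p></w:comment>"
)


def render_unsafe(comment_id, author, text):
    """The pattern the review flags: caller-supplied text formatted in verbatim."""
    return COMMENT_TEMPLATE.format(id=comment_id, author=author, text=text)


def render_escaped(comment_id, author, text):
    """Escape at the boundary so callers may pass plain text."""
    return COMMENT_TEMPLATE.format(
        id=int(comment_id),                      # numeric ids only
        author=escape(author, {'"': "&quot;"}),  # attribute value: also escape quotes
        text=escape(text),                       # element content: & < >
    )


def parse_comment(xml_string):
    """Return author and <w:t> run texts, or None if the XML is not well-formed."""
    try:
        root = ET.fromstring(xml_string)
    except ET.ParseError:
        return None
    runs = [t.text for t in root.iter("{%s}t" % W)]
    return {"author": root.get("{%s}author" % W), "runs": runs}


if __name__ == "__main__":
    for text in ("budget < 5 & rising", "see</w:t><w:t>note"):  # constructed inputs
        print(repr(text))
        print("  unsafe :", parse_comment(render_unsafe(1, "QA", text)))
        print("  escaped:", parse_comment(render_escaped(1, "QA", text)))
```

The second constructed input shows the quieter failure: the unescaped output still parses, but the comment now contains two runs instead of the text the caller supplied.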

for field in fields_data["form_fields"]:
page_num = field["page_number"]

page_info = next(p for p in fields_data["pages"] if p["page_number"] == page_num)

CRITICAL: Bare next() call will raise StopIteration if the page is not found

next(p for p in fields_data["pages"] if p["page_number"] == page_num) raises StopIteration (which propagates as an unhandled exception) when no entry in pages matches page_num. This crashes the script entirely rather than providing a useful error message.

Add a default or handle the case explicitly:

Suggested change
page_info = next(p for p in fields_data["pages"] if p["page_number"] == page_num)
page_info = next((p for p in fields_data["pages"] if p["page_number"] == page_num), None)

Then add a guard after this line:

        if page_info is None:
            print(f"Error: no page info found for page {page_num}")
            sys.exit(1)

args = parser.parse_args()

path = Path(args.path)
assert path.exists(), f"Error: {path} does not exist"

WARNING: assert used for user-facing input validation

assert statements are stripped when Python runs with the -O (optimize) flag (python -O validate.py ...), silently skipping these checks. For a CLI tool, use explicit conditionals with print + sys.exit(1) instead:

if not path.exists():
    print(f"Error: {path} does not exist")
    sys.exit(1)

The same applies to the assert calls on lines 61–68 and 77.
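
An added demonstration of the behaviour described in the comment above, not code from the PR: the quoted assert check and the proposed explicit check are each run in a child interpreter, with and without -O, against a constructed path that does not exist. `exit_code` and `compare` are hypothetical helper names.

```python
import subprocess
import sys

MISSING = "/nonexistent/constructed-input.docx"  # constructed path that does not exist

# The check as the review quotes it from validate.py.
ASSERT_CHECK = """
import sys
from pathlib import Path
path = Path(sys.argv[1])
assert path.exists(), f"Error: {path} does not exist"
print("validation would continue on", path)
"""

# The replacement the review proposes.
EXPLICIT_CHECK = """
import sys
from pathlib import Path
path = Path(sys.argv[1])
if not path.exists():
    print(f"Error: {path} does not exist")
    sys.exit(1)
print("validation would continue on", path)
"""


def exit_code(source, optimize):
    """Run source in a child interpreter, with or without -O; return its exit status."""
    flags = ["-O"] if optimize else []
    proc = subprocess.run(
        [sys.executable, *flags, "-c", source, MISSING],
        capture_output=True, text=True,
    )
    return proc.returncode


def compare():
    """Map (check name, optimized?) to the child's exit status."""
    return {
        (name, opt): exit_code(src, opt)
        for name, src in (("assert", ASSERT_CHECK), ("explicit", EXPLICIT_CHECK))
        for opt in (False, True)
    }


if __name__ == "__main__":
    for key, status in compare().items():
        print(key, "->", status)
```

Only the assert variant under -O exits 0 and carries on with a path that does not exist.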



def _ensure_shim() -> Path:
if _SHIM_SO.exists():

WARNING: Shared /tmp path for compiled .so creates a TOCTOU race condition

_SHIM_SO is hardcoded to /tmp/lo_socket_shim.so. On a multi-user system, a malicious local user can pre-create or replace this path with arbitrary code before or after the existence check on this line. The check if _SHIM_SO.exists(): return _SHIM_SO does not verify ownership or integrity of the existing file.

Consider namespacing the path with the effective UID (e.g., Path(tempfile.gettempdir()) / f"lo_socket_shim_{os.getuid()}.so"), or use tempfile.mkstemp() to create the file atomically.
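
One way to close the race described in the comment above, added here as an example and not taken from the PR or soffice.py. It goes a step beyond the UID-suffixed name by keeping the shim in a per-user 0700 directory, verifying ownership with lstat, and publishing the file with an atomic rename. It is POSIX only; `private_dir`, `trusted_file`, `ensure_shim` and the `build` callable are hypothetical.

```python
import os
import stat
import tempfile
from pathlib import Path


def private_dir(base: Path, name: str = "lo_socket_shim") -> Path:
    """Create or reuse a per-user 0700 directory and verify it is really ours."""
    d = base / f"{name}_{os.geteuid()}"
    try:
        os.mkdir(d, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(d)  # lstat: a symlink planted at this path is not followed
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid() or st.st_mode & 0o077:
        raise PermissionError(f"refusing untrusted directory: {d}")
    return d


def trusted_file(path: Path) -> bool:
    """True only for a regular file we own that group/other cannot write."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return (stat.S_ISREG(st.st_mode) and st.st_uid == os.geteuid()
            and not st.st_mode & 0o022)


def ensure_shim(base: Path, build) -> Path:
    """Return the shim path inside the private directory, building it if needed."""
    target = private_dir(base) / "lo_socket_shim.so"
    if trusted_file(target):
        return target
    fd, tmp = tempfile.mkstemp(dir=target.parent, suffix=".tmp")  # O_EXCL, mode 0600
    os.close(fd)
    try:
        build(Path(tmp))         # hypothetical callable that writes the shim to tmp
        os.replace(tmp, target)  # atomic rename; replaces a planted symlink itself
    except BaseException:
        Path(tmp).unlink(missing_ok=True)
        raise
    return target
```

In the script's setting `base` would be `Path(tempfile.gettempdir())`; because only the owner can write inside the 0700 directory, the existence check and the later load refer to the same file.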

@kilo-code-bot

kilo-code-bot Bot commented Apr 20, 2026

Code Review Summary

Status: 5 Issues Found | Recommendation: Address before merge

Overview

| Severity | Count |
|---|---|
| CRITICAL | 1 |
| WARNING | 4 |
| SUGGESTION | 0 |

Issue Details

CRITICAL

| File | Line | Issue |
|---|---|---|
| .agents/skills/pdf/scripts/fill_pdf_form_with_annotations.py | 52 | Bare next() raises uncaught StopIteration when page not found in fields_data["pages"] |

WARNING

| File | Line | Issue |
|---|---|---|
| .agents/skills/docx/scripts/accept_changes.py | 79 | TimeoutExpired is caught and incorrectly returns a success message — the DOCX may be incomplete/corrupt on timeout |
| .agents/skills/docx/scripts/comment.py | 248 | text is interpolated unsanitized into XML template — XML special characters (<, >, &) in comment text will produce malformed XML |
| .agents/skills/docx/scripts/office/validate.py | 56 | assert used for CLI input validation — silently disabled under python -O, skipping path/file checks |
| .agents/skills/docx/scripts/office/soffice.py | 54 | Shared /tmp/lo_socket_shim.so path has a TOCTOU race on multi-user systems; ownership/integrity of existing file is not verified |

Other Observations (not in diff)
  • fill_fillable_fields.py: monkeypatch_pydpf_method() is only called in __main__, not when the module is imported as a library. Any caller that imports and calls fill_pdf_fields() directly will not have the patch applied, silently producing wrong option values for Opt choice fields.
  • extract_form_field_info.py line 25–26 — The make_field_dict function uses field.get("/_States_", []) for /Btn fields but does not distinguish between push-buttons and checkboxes (both share /Btn field type). Push-button fields with no states will yield an empty checked_value/unchecked_value entry.
  • XSD schemas duplicated between docx and pptx skills — The entire office/schemas/ tree (40+ large XSD files) is duplicated verbatim between .agents/skills/docx/ and .agents/skills/pptx/. This doubles the storage for identical content.
Files Reviewed (22 files)
  • .agents/skills/docx/scripts/accept_changes.py — 1 issue
  • .agents/skills/docx/scripts/comment.py — 1 issue
  • .agents/skills/docx/scripts/office/helpers/merge_runs.py
  • .agents/skills/docx/scripts/office/helpers/simplify_redlines.py
  • .agents/skills/docx/scripts/office/pack.py
  • .agents/skills/docx/scripts/office/soffice.py — 1 issue
  • .agents/skills/docx/scripts/office/unpack.py
  • .agents/skills/docx/scripts/office/validate.py — 1 issue
  • .agents/skills/docx/scripts/office/validators/base.py
  • .agents/skills/docx/scripts/office/validators/docx.py
  • .agents/skills/docx/scripts/office/validators/pptx.py
  • .agents/skills/docx/scripts/office/validators/redlining.py
  • .agents/skills/pdf/scripts/check_bounding_boxes.py
  • .agents/skills/pdf/scripts/extract_form_field_info.py
  • .agents/skills/pdf/scripts/extract_form_structure.py
  • .agents/skills/pdf/scripts/fill_fillable_fields.py
  • .agents/skills/pdf/scripts/fill_pdf_form_with_annotations.py — 1 issue
  • .agents/skills/pptx/scripts/add_slide.py
  • .agents/skills/pptx/scripts/clean.py
  • .agents/skills/browser-use/SKILL.md
  • .agents/skills/docx/SKILL.md
  • .agents/skills/pdf/SKILL.md


Reviewed by claude-4.6-sonnet-20260217 · 1,293,285 tokens
