chore(skills): sync docx-editing to 0.3.0 matching ClawHub

[stevenobiajulu]

Summary

Syncs scanner-mitigation content from ClawHub back to git. The docx-editing skill was iterated against reviewer feedback on ClawHub (v0.1.0 → v0.3.0) without committing back to the repo. This PR pulls those changes into git so Smithery (which publishes from the local directory) can be republished at parity.

Same pattern as the recent email-agent-mcp PR #38 — ClawHub-first iteration drift getting reconciled to git.

What changed

• skills/docx-editing/SKILL.md (0.1.0 → 0.3.0): adds "Source Code and Audit" section, expanded runtime requirements table, two-phase safety model (install-time vs runtime), offline/pinned install guidance, related skills, feedback link
• skills/docx-editing/CONNECTORS.md: pins version in example configs, adds offline / high-security install path, build-from-source guidance
• SECURITY.md: supported-versions table, tightened ack SLA, explicit scope (in-scope / out-of-scope classes), renamed "Scope Notes" → "Architecture Notes"
• package.json / packages/safe-docx/package.json: keyword metadata updates

Why

• Git is currently behind ClawHub on this skill. Users inspecting the repo don't see the scanner-mitigation content that's already live on ClawHub.
• Smithery publishes from the local directory and is currently at 0.1.0. It will be republished after this lands to complete the sync.

Test plan

• CI passes (no code changes, docs + package.json keywords only)
• After merge, republish docx-editing to Smithery at 0.3.0
• Verify Smithery listing shows 0.3.0 and pulls the updated SKILL.md content

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
site	Ready	Preview, Comment	Apr 21, 2026 1:02am

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!