Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docling

v1.0.2

Extract and parse content from web pages, PDFs, documents (docx, pptx), and images using the docling CLI with GPU acceleration. Use INSTEAD of web_fetch for extracting content from specific URLs when you need clean, structured text. Use Brave (web_search) for searching/discovering pages. Use docling when you HAVE a URL and need its content parsed.

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description promise (extract/parse web pages, PDFs, images via a CLI with optional GPU) matches the runtime instructions which show command-line usage of a local `docling` tool. One minor inconsistency: the registry metadata in the provided summary lists no required binaries, but SKILL.md metadata and the instructions explicitly require the `docling` CLI to be installed (e.g., via `pipx`). This is plausibly a metadata sync issue and not a functional mismatch.
Instruction Scope
SKILL.md only instructs the agent to run `docling` against URLs or local files, read output files, and clean up. It does not ask the agent to read unrelated system files or environment variables. The doc explicitly warns about risky flags (`--enable-remote-services`, `--allow-external-plugins`, custom `--headers`) which, if used, could exfiltrate data—those flags are part of the CLI but are cautioned against in the instructions.
Install Mechanism
There is no install spec in the skill bundle (instruction-only). The SKILL.md advises installing `docling` via `pipx`, which is a reasonable, low-risk installation path; nothing in the bundle tries to download or run arbitrary code itself.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. That fits a local CLI wrapper which relies on an installed binary. This is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request always-on presence, does not modify other skills or system-wide settings, and allows autonomous invocation (default) which is normal. No elevated persistence or privilege is requested by the skill itself.
Assessment
This skill is an instruction-only wrapper around a local `docling` CLI. Before installing or using it:

  1. Install the `docling` CLI from a trusted source (e.g., the official project or PyPI) and verify package integrity.
  2. Avoid using the flagged options `--enable-remote-services` and `--allow-external-plugins` unless you trust the remote endpoints and plugins (they can send your document data off-host).
  3. Prefer writing outputs to a controlled temporary directory and remove outputs after use.
  4. Don't pass custom headers or other untrusted inputs that might be used to redirect requests or leak data.
  5. Be cautious when processing sensitive documents—OCR and model enrichments may send content to model backends if you enable remote services.

The skill metadata mismatch about required binaries (registry vs SKILL.md) and the lack of an official source/homepage lowers confidence; if you need higher assurance, ask the publisher for the authoritative project URL or a signed release before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latest vk97bgrt6kr4h7g41jm9wrkneh98117qg
1.3k downloads
0 stars
3 versions
Updated 7h ago
v1.0.2
MIT-0

Docling - Document & Web Content Extraction

CLI tool for parsing documents and web pages into clean, structured text. Uses GPU acceleration for OCR and ML models.

Prerequisites

  • docling CLI must be installed (e.g., via pipx install docling)
  • For GPU support: NVIDIA GPU with CUDA drivers

When to Use

  • Extract content from a URL → Use docling (not web_fetch)
  • Search for information → Use web_search (Brave)
  • Parse PDFs, DOCX, PPTX → Use docling
  • OCR on images → Use docling

Quick Commands

Web Page → Markdown (default)

docling "<URL>" --from html --to md

Output: creates a .md file in the current directory (or use --output to choose the output directory)

Web Page → Plain Text

docling "<URL>" --from html --to text --output /tmp/docling_out

PDF with OCR

docling "/path/to/file.pdf" --ocr --device cuda --output /tmp/docling_out

Key Options

| Option | Values | Description |
|---|---|---|
| --from | html, pdf, docx, pptx, image, md, csv, xlsx | Input format |
| --to | md, text, json, yaml, html | Output format |
| --device | auto, cuda, cpu | Accelerator (default: auto) |
| --output | path | Output directory (recommended: use controlled temp dir) |
| --ocr | flag | Enable OCR for images/scanned PDFs |
| --tables | flag | Extract tables (default: on) |

Security Notes

⚠️ Avoid these flags unless you trust the source:

  • --enable-remote-services - can send data to remote endpoints
  • --allow-external-plugins - loads third-party code
  • Custom --headers with untrusted values - can redirect requests

Workflow

  1. For web content extraction: Use docling "<URL>" --from html --to text --output /tmp/docling_out
  2. Read the output file from the specified output directory
  3. Clean up the output directory after reading
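
The three workflow steps combined with the Security Notes, as an added example that is not part of the skill bundle or the docling project. The function names `docling_args_safe` and `docling_fetch_text` are hypothetical, the http(s)-only URL check is an added policy choice, and only docling flags shown on this page are used.

```shell
#!/usr/bin/env bash
# Added example: hardened wrapper around the skill's three-step workflow.
# Function names are hypothetical; the docling flags are the ones on this page.

# Return 0 only if no argument is a flag the Security Notes warn about.
docling_args_safe() {
    local arg
    for arg in "$@"; do
        case "$arg" in
            --enable-remote-services|--enable-remote-services=*|\
            --allow-external-plugins|--allow-external-plugins=*|\
            --headers|--headers=*)
                printf 'refusing risky docling flag: %s\n' "$arg" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Usage: docling_fetch_text URL [extra docling options]
# Prints the extracted text on stdout; the temp directory never outlives the call.
docling_fetch_text() {
    local url=$1 outdir rc=0
    shift
    # Assumed policy: web extraction only. This also stops a value that
    # starts with "-" from being parsed by docling as an option.
    case "$url" in
        http://*|https://*) ;;
        *) printf 'not an http(s) URL: %s\n' "$url" >&2; return 2 ;;
    esac
    docling_args_safe "$@" || return 3
    command -v docling >/dev/null 2>&1 || { echo 'docling CLI not installed' >&2; return 4; }

    # Step 1: write into a private directory (mktemp -d creates it mode 0700)
    # instead of a fixed, guessable path such as /tmp/docling_out.
    outdir=$(mktemp -d "${TMPDIR:-/tmp}/docling_out.XXXXXX") || return 5
    docling "$url" --from html --to text --output "$outdir" "$@" >&2 || rc=$?

    # Step 2: read whatever output files docling produced.
    if [ "$rc" -eq 0 ]; then
        find "$outdir" -type f -exec cat {} +
    fi

    # Step 3: clean up on success and on failure alike.
    rm -rf -- "$outdir"
    return "$rc"
}
```
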

GPU Support

Docling supports GPU acceleration via CUDA (NVIDIA). Verify CUDA is available:

python -c "import torch; print(torch.cuda.is_available())"

Full CLI Reference

See references/cli-reference.md for complete option list.
