ClawHub

Markdown Anything

v1.0.0

Convert PDF, DOCX, XLSX, PPTX, images, audio, and 25+ file formats to clean Markdown using the Markdown Anything API.

0· 351·0 current·0 all-time
byAditya Tripathi@adiologydev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to convert many file types via the Markdown Anything API and only requires MDA_API_TOKEN — that aligns with the stated purpose. However, the bundled scripts invoke curl and python3 but the registry metadata lists no required binaries; the missing declaration is an inconsistency the user should be aware of.
Instruction Scope
SKILL.md and the scripts stay on-purpose: they send the provided file to https://markdownanything.com/api/v1/convert and return the Markdown result. This does mean user files are transmitted to a third-party endpoint (explicitly documented). No other local files or unrelated environment variables are accessed.
Install Mechanism
There is no install spec (instruction-only plus two small scripts). Nothing is downloaded or written to disk by an installer, so installation risk is low.
Credentials
Only MDA_API_TOKEN is required (primary credential) and the optional flags are narrowly scoped to conversion behavior. The requested environment variables are proportional to the skill's purpose.
Persistence & Privilege
The skill does not request permanent presence (always is false), does not modify other skills or system settings, and does not store secrets. Autonomous invocation is allowed (platform default) but not unusually privileged here.
What to consider before installing
This skill appears to be what it says: it uploads the file you provide to markdownanything.com and returns Markdown. Before installing or using it: (1) understand that any file you convert will be transmitted to https://markdownanything.com — do not upload sensitive data unless you trust the service and have read its privacy policy; (2) provide only a token from the official Markdown Anything workspace (MDA_API_TOKEN) and avoid reusing high-privilege secrets; (3) ensure curl and python3 are available in the execution environment (the scripts require them, but the registry metadata does not declare them); (4) verify the homepage and token retrieval flow (source is listed as unknown, which lowers confidence); (5) if you need stronger assurance, run the scripts in an isolated environment (or inspect and run them manually) and confirm network egress rules; and (6) prefer tokens with limited scope/rotation and monitor usage/credit balance after first use.

Like a lobster shell, security has layers — review code before you run it.

latestvk977fpzkbe6mdy7z8p2eycgf3n81dkgp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
EnvMDA_API_TOKEN
Primary envMDA_API_TOKEN

Comments