ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown to PDF

v1.0.0

Convert Markdown files to beautiful PDF documents. Supports custom styling, code highlighting, and multiple output options. Use when users need to convert MD...

0· 117·1 current·1 all-time
by@alone86136
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe converting Markdown to PDF. The code implements Markdown→HTML conversion, syntax highlighting, and calls wkhtmltopdf to create a PDF — exactly what the skill claims. Declared dependencies (markdown, pygments, wkhtmltopdf) match the implementation.
Instruction Scope
SKILL.md instructs installing pip packages and wkhtmltopdf and to run the included script. The runtime instructions do not read environment variables or unrelated system files. One operational detail to note: the script invokes wkhtmltopdf with --enable-local-file-access, which is necessary to embed local resources (images/CSS) but means wkhtmltopdf may read local files or fetch remote resources referenced by the generated HTML — this is expected for this functionality but worth being aware of.
Install Mechanism
No install spec is provided (instruction-only skill + included script). Dependencies are standard Python packages and a well-known external binary (wkhtmltopdf). The skill does not download or execute code from untrusted URLs or include an automated installer that writes arbitrary archives to disk.
Credentials
The skill requires no environment variables or credentials. The requested resources (Python libs and system wkhtmltopdf) are proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or agent-wide configuration.
Assessment
This skill appears to do exactly what it says: convert Markdown to PDF using the included Python script plus wkhtmltopdf. Before installing/use: (1) install wkhtmltopdf from an official package or distro repository (avoid unknown binaries), (2) be cautious when converting untrusted Markdown that references local file paths or remote URLs — wkhtmltopdf's --enable-local-file-access allows reading local files and fetching remote resources, which could expose sensitive local content if the Markdown includes file:// links or similar, and (3) run conversions in a sandbox or with limited file permissions if you expect untrusted input. Otherwise the skill is internally consistent and proportionate.

Like a lobster shell, security has layers — review code before you run it.

latestvk979d1tn629bfb0p4yf2kc3w9183gzs4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments