ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

md-2-pdf

v1.0.0

Convert markdown files to clean, formatted PDFs using reportlab

0· 1.9k·0 current·0 all-time
by@araa47
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for Markdown→PDF conversion and the package provides a Python script that uses reportlab for PDF generation. The declared required binary 'uv' matches the script shebang which runs via 'uv run'; this dependency is coherent with how the script is invoked.
Instruction Scope
SKILL.md only tells the agent to run the included script with uv and to pass input/output flags. It does not instruct the agent to read unrelated files, environment variables, or send data to external endpoints. The script parses markdown and constructs PDF elements (headers, lists, code blocks, tables, images) which is consistent with the feature list.
Install Mechanism
There is no install spec (instruction-only) which minimizes disk write risk. The script contains a comment listing a runtime dependency ('reportlab'); how that dependency is installed at runtime depends on the host's 'uv' runner. This is reasonable but you should confirm how your environment resolves Python dependencies when running 'uv run'.
Credentials
The skill requires no environment variables or credentials. The script operates on local files (markdown and referenced image paths) which is expected for a converter. No unrelated secrets or tokens are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It does not modify other skills or global agent settings. Autonomous model invocation is allowed (default) but that is normal and acceptable here.
Assessment
This skill appears coherent and focused on converting Markdown to PDF. Before installing: (1) Verify the 'uv' runner on your system is the expected/trusted tool and understand how it installs Python dependencies (it may auto-install reportlab); (2) be aware the converter will read local files referenced by the markdown (images, etc.); (3) run it on non-sensitive sample files first to confirm behavior. If you require stricter isolation, run the script in a sandbox or inspect the full script in your environment before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e7j431wsysmr94j7jgs2chd80d32j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binsuv

Comments