ClawHub

Nm Leyline Document Conversion

v1.0.0

Document-to-markdown conversion with tiered fallback: MCP markitdown, native tools, or user notice

0· 50·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the runtime instructions: the skill implements a three-tier conversion strategy (MCP markitdown, native tools, user notice). Requested config paths relate to content-sanitization and error patterns which are reasonable for a conversion/integration layer.
Instruction Scope
Instructions explicitly tell the agent to resolve local paths (expand ~, construct file:// URIs), call Read/WebFetch, and pass URIs to the external MCP convert_to_markdown tool. This is coherent for conversion, but it means the agent may read arbitrary user files and/or cause those files (or remote URLs) to be fetched or transmitted to an external MCP server. The skill does include a content-sanitization step, but it does not mandate explicit user consent before sending local files to a remote converter.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest risk in terms of disk writes and third-party downloads.
Credentials
No environment variables or credentials are requested. The two required config paths (night-market.content-sanitization, night-market.error-patterns) are configuration-only and align with the described sanitize/error-handling steps.
Persistence & Privilege
Skill is not always-included and does not request persistent elevated privileges or modify other skills' configs. It only references adding an MCP server to .mcp.json as an optional user action (not automatic).
Assessment
This skill looks coherent for converting documents, but it can read local files and/or pass their URIs to an external MCP server for conversion. Before installing or enabling this skill: (1) Confirm whether your agent will automatically send local file:// URIs or remote URLs to an external converter and require explicit user confirmation if you want to avoid that. (2) Verify trust in the markitdown/MCP server you configure (running markitdown-mcp or remote services may receive full document contents). (3) Review and tune the night-market.content-sanitization checklist so sensitive content is truncated or redacted before transmission. (4) If you need strict data residency, avoid using Tier 1 (MCP) or host the MCP server in a trusted environment. If you want stronger assurance, ask for explicit runtime prompts before any file is uploaded or fetched by the MCP server.

Like a lobster shell, security has layers — review code before you run it.

latestvk977xcxx9ysycr779j15bt7zb184r0t1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Confignight-market.content-sanitization, night-market.error-patterns

Comments