bruce-doc-converter-skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a coherent document converter, but it asks the agent to install an unreviewed external CLI and to run a command returned by that CLI without clear validation.
Use this skill only if you trust the `bruce-doc-converter` package source. Prefer isolated installation, review or approve any command suggested by `next_command` before it is run, and limit conversions to files or directories you intentionally want the agent to read.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may execute third-party package code on the local machine.
The skill relies on installing an external package that is not bundled with the reviewed artifacts and is not version-pinned.
pipx install bruce-doc-converter ... uv tool install bruce-doc-converter ... pip install --user bruce-doc-converter
Install it only from a trusted package source, prefer an isolated environment such as pipx or a venv, and pin or verify the package version when possible.
If the CLI output is unexpected or compromised, the agent could run a local command the user did not explicitly approve.
This tells the agent to execute a command supplied in the CLI's JSON response, but the skill does not whitelist the allowed command or require user confirmation.
If Markdown to Word returns `DEPENDENCY_INSTALL_REQUIRED`, run `next_command` when present, otherwise run `bdc setup-node`, then retry.
Only run known setup commands such as `bdc setup-node`, validate any `next_command` before execution, and ask the user before running dynamically supplied commands.
Private document contents may become visible to the agent during conversion and analysis.
The skill intentionally places converted document contents into the agent's working context so they can be read or analyzed.
Office/PDF inputs include `markdown_content` for direct analysis.
Use the skill only on documents you are comfortable having the agent read, and avoid broad batch conversion of sensitive folders.