Skill v1.0.3

ClawScan security

文档整理技能 (Document Organizing Skill, convert-markdown) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 3:14 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description and code generally match a document-to-Markdown converter, but the package metadata omits required runtime dependencies (Python/Node/Tesseract) and provenance is unclear — these inconsistencies merit caution.
Guidance
This package appears to be a legitimate converter wrapper, but exercise caution before installing or running it:
1) The registry metadata omits runtime requirements, while SKILL.md and the scripts require Python 3.10+ (and optionally Node.js/NPX and a system Tesseract install for OCR). Provision those runtimes yourself.
2) The skill depends on the third-party Python package markitdown. Review that package on PyPI/GitHub to confirm its provenance and recent releases before pip installing it.
3) Because the skill executes local Python code and third-party library logic, run it in an isolated environment (virtualenv, container) and do not give it access to sensitive directories.
4) The OCR and YouTube download features may require system tools (Tesseract, ffmpeg) and additional Python extras.
5) The bundle claims "Microsoft + OpenClaw Community" as its origin, but the skill homepage and source are unknown; verify the upstream project URLs and repository before trusting it in production.

Review Dimensions

Purpose & Capability
note · The skill's name and description align with the included scripts (Python wrappers around a MarkItDown converter). However, the registry metadata declares no required binaries or environment variables, while SKILL.md and the scripts explicitly require Python 3.10+ (and optionally Node.js/NPX and a system Tesseract install for OCR). This mismatch between declared requirements and actual runtime needs is a significant inconsistency.
Instruction Scope
ok · Runtime instructions only describe installing the MarkItDown Python package and running local conversion tools. The code reads local files and directories (as expected) and writes Markdown output plus metadata (paths, sizes, timestamps). The scripts contain no automatic network exfiltration endpoints or hidden data-sending steps. The documentation includes examples that fetch Tesseract language data from GitHub raw URLs, but those are manual instructions, not actions the skill performs automatically.
Install Mechanism
concern · No install specification is declared for the platform even though the bundle contains executable code. The manifest lists pip dependencies (markitdown[docx,xlsx,pdf]>=0.1.5) and package.json provides a Node wrapper, but the registry 'requirements' section declares none, so the runtime environment may lack the required interpreters and packages unless the user installs them manually. The code itself does not download arbitrary archives or contact obscure URLs.
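The mismatch flagged under Purpose & Capability and Install Mechanism (registry requirements declared empty while SKILL.md and the scripts need Python 3.10+, Tesseract, npx, and so on) can be reproduced mechanically before installing. The following is an added example written for this page, not code from ClawHub or the convert-markdown skill: the manifest field names are assumptions rather than ClawHub's real schema, the SKILL.md excerpt and wrapper script are constructed stand-ins for the bundle's files, and the import check assumes that a distribution name equals its import name.

```python
"""Cross-check a skill bundle's declared requirements against what its files
actually need. Added example: the manifest layout, SKILL.md excerpt and wrapper
script are constructed stand-ins, not the convert-markdown skill's real files."""
import re
import shutil
import sys

# Constructed registry manifest: pip deps are declared but the 'requirements'
# section is empty. Field names are assumptions, not ClawHub's real schema.
MANIFEST = {
    "name": "convert-markdown",
    "version": "1.0.3",
    "always": False,
    "dependencies": {"pip": ["markitdown[docx,xlsx,pdf]>=0.1.5"]},
    "requirements": {"binaries": [], "env": []},
}

# Constructed SKILL.md excerpt and wrapper script standing in for the bundle.
SKILL_MD = """\
# convert-markdown
Requires Python 3.10+. OCR is optional and needs system Tesseract.
The Node wrapper runs through `npx`; YouTube transcripts need ffmpeg.
Install with: pip install "markitdown[docx,xlsx,pdf]>=0.1.5"
"""
SCRIPT = """\
import os, shutil, subprocess, sys
from markitdown import MarkItDown
try:
    import yt_dlp          # optional extra, not listed in the manifest
except ImportError:
    yt_dlp = None

def ocr_available():
    return shutil.which("tesseract") is not None

def run_node_wrapper(path):
    return subprocess.run(["npx", "convert-markdown", path], capture_output=True)
"""

# Tool names as they appear in prose or code, each normalised to one binary name.
TOOL_RE = re.compile(
    r"\b(tesseract|ffmpeg|npx|node\.js|node|python\s?3(?:\.\d+)?\+?)\b", re.IGNORECASE)
WHICH_RE = re.compile(r"""shutil\.which\(\s*["']([\w.-]+)["']""")
SUBPROC_RE = re.compile(r"""subprocess\.\w+\(\s*\[\s*["']([\w.-]+)["']""")
ENV_RE = re.compile(r"""os\.environ(?:\.get\(|\[)\s*["']([A-Z_][A-Z0-9_]*)["']""")


def _normalise(tool):
    tool = tool.lower()
    if tool.startswith("python"):
        return "python3"
    return "node" if tool == "node.js" else tool


def referenced_binaries(*texts):
    """Binaries named in documentation or invoked from code."""
    found = set()
    for text in texts:
        found.update(_normalise(t) for t in TOOL_RE.findall(text))
        found.update(WHICH_RE.findall(text))
        found.update(SUBPROC_RE.findall(text))
    return found


def referenced_env(*texts):
    """Environment variables the code reads."""
    return {v for text in texts for v in ENV_RE.findall(text)}


def pip_names(manifest):
    """Bare distribution names from the manifest's pip requirement specifiers."""
    return {re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", spec).group(0).lower()
            for spec in manifest["dependencies"].get("pip", [])}


def imported_modules(script):
    """Top-level module names a script imports (comments stripped first)."""
    mods = set()
    for raw in script.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("import "):
            for part in line[len("import "):].split(","):
                mods.add(part.strip().split(" as ")[0].split(".")[0])
        elif line.startswith("from "):
            mods.add(line.split()[1].split(".")[0])
    return mods


def undeclared_imports(manifest, script):
    """Third-party imports not covered by the declared pip dependencies.
    Simplification: assumes import name == distribution name."""
    stdlib = getattr(sys, "stdlib_module_names", None) or {
        "os", "re", "sys", "shutil", "subprocess", "json", "pathlib"}  # pre-3.10 fallback, incomplete
    declared = pip_names(manifest)
    return sorted(m for m in imported_modules(script)
                  if m not in stdlib and m.lower() not in declared)


def find_gaps(manifest, skill_md, script):
    """Everything the bundle needs that the registry metadata does not declare."""
    req = manifest.get("requirements", {})
    return {
        "undeclared_binaries": sorted(referenced_binaries(skill_md, script) - set(req.get("binaries", []))),
        "undeclared_env": sorted(referenced_env(skill_md, script) - set(req.get("env", []))),
        "undeclared_imports": undeclared_imports(manifest, script),
    }


def host_readiness(binaries):
    """Which of the needed binaries are actually present on this machine."""
    return {b: shutil.which(b) is not None for b in binaries}


if __name__ == "__main__":
    gaps = find_gaps(MANIFEST, SKILL_MD, SCRIPT)
    print(gaps)
    print(host_readiness(gaps["undeclared_binaries"]))
```

Run against the constructed inputs, the check reports five undeclared binaries (ffmpeg, node, npx, python3, tesseract) and one undeclared import (yt_dlp), which is exactly the kind of gap the scanner describes; a manifest that lists those binaries under requirements produces an empty report. The regexes deliberately over-approximate (any mention of a tool name in prose counts), which is the right bias for a pre-install review: a false positive costs one look at the docs, a missed runtime costs a broken or silently degraded install.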
Credentials
ok · The skill requests no environment variables or credentials. The scripts operate on local files and produce local output; the metadata collected (original_path, file sizes, timestamps, authors from document metadata) is reasonable for an indexing/conversion tool. No unexpected secrets or cloud credentials are requested.
Persistence & Privilege
ok · always: false, and the skill does not request persistent system-wide privileges. It does not modify other skills or global agent settings. It can start services (e.g. the user can run an MCP server), but that is optional and user-initiated per the docs.