ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

kindle2md

Convert Kindle HTML notebook exports to Obsidian Markdown format. Use this when the user wants to convert a Kindle book notes HTML file (exported from the Ki...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 41 · 0 current installs · 0 all-time installs
by@henrch1
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements Kindle HTML → Markdown conversion which matches the name/description. However the SKILL.md asks the user to set output_dir in references/config.md, while the included Python script does not read that config file (it uses a CLI --output argument or defaults to next to the input file). Also required Python packages (bs4/pyperclip/eglogging) and the need for Python itself are not declared in the skill metadata or install spec.
!
Instruction Scope
SKILL.md instructs the agent to read references/config.md to obtain output_dir; that's reasonable, but the conversion script does not read that file, so the instructions and runtime behavior are inconsistent. The runtime instructions also rely on executing a local Python script with a user-supplied path (which can overwrite files if --override is used). The script has a clipboard mode (pyperclip) that can read/write the system clipboard but SKILL.md doesn't document that option in detail.
!
Install Mechanism
There is no install spec. The Python script depends on third-party packages (BeautifulSoup/bs4, pyperclip, eglogging) which are not declared or installed by the skill. Running the script may fail or require manual package installation; absence of an install step is an incoherence but not necessarily malicious.
Credentials
The skill does not request environment variables, credentials, or config paths. The script operates on user-supplied local files and can write output; these privileges are proportional to the stated purpose. Note: pyperclip interacts with the system clipboard (local) and eglogging may read user-level logging config depending on that library's behavior.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide agent settings. It writes output files only when invoked and can overwrite existing files if the --override flag is used.
What to consider before installing
This skill appears to implement the advertised conversion, but there are mismatches and missing pieces you should address before running it: - Dependencies: The script requires Python plus packages (bs4/BeautifulSoup, pyperclip, eglogging). The skill provides no install instructions. Install those packages in a virtualenv or inspect and add an install step before use. - Config mismatch: SKILL.md tells you to edit references/config.md for output_dir, but the script never reads that file. Either run the script with -o pointing to your desired path, or modify the script to read config.md if you want that behavior. - File safety: The script will overwrite output files when run with --override. Double-check output paths to avoid accidental data loss. - Clipboard & logging: The script can copy output to the system clipboard (pyperclip) and uses eglogging which may load user logging configuration—review those behaviors if clipboard or local logging config access is a concern. Recommendations: inspect the script locally, run it in a controlled environment (e.g., temp folder or VM), install required Python packages explicitly, and correct the SKILL.md/install metadata or the script so the declared config and runtime behavior match. If you want higher assurance, request the author add an explicit install spec and a config-reading implementation (or remove the config.md instruction).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cf7frhty40vge34a00j4x5s8363aj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Kindle to Markdown

Use this skill to convert Kindle HTML notebook exports to Obsidian Markdown format.

Setup (First Time Only)

Before using, configure the output directory by editing references/config.md.

Read references/config.md to get the output_dir value. If the value is still "CHANGE_TO_YOUR_OBSIDIAN_BOOKS_PATH", remind the user to configure it first.

Input

The user will provide an HTML file path, for example:

  • /kindle2md "下载/动物农场.html"
  • /kindle2md "C:/Users/Downloads/动物农场 (Z-Library) - 笔记本.html"

Extract the book title from the HTML filename:

  • Remove path and extension
  • Remove metadata like "[英]作者", "(Z-Library)", " - 笔记本"

Output

Output directory: Read from references/config.mdoutput_dir

Output filename: {书名}.md

Example: for input file 动物农场 ([英]乔治·奥威尔) (Z-Library) - 笔记本.html, output should be 动物农场.md

If file already exists, overwrite it.

Runtime

Run the conversion script from the scripts folder:

python "<skill_path>/scripts/kindle_notes_to_md.py" --override -o "<output_dir>/<书名>.md" "<用户提供的HTML路径>"

Where:

  • <skill_path> is the path to this skill folder
  • <output_dir> is read from references/config.md

Success

Report to the user:

  • "转换完成!文件已保存到: {output_path}"

Errors

If the HTML file doesn't exist or is invalid, report the error to the user clearly.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…