ClawHub

AIGroup Markdown to Word MCP

v0.1.2

Use `aigroup-mdtoword-mcp` to convert Markdown into `.docx`. Route Markdown file conversion, generated Markdown conversion, table-to-Markdown preprocessing,...

0· 115·0 current·0 all-time
byjackdark@jackdark425
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the skill directs conversion of Markdown (including tables/formulas) to .docx via an MCP named aigroup-mdtoword-mcp. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md confines actions to confirming the deliverable, selecting conversion operations (markdown_to_docx or table_data_to_markdown), and returning the generated .docx path; it does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
The skill is instruction-only and has no install spec, which minimizes local risk. References indicate the upstream MCP is available via npm (npx -y aigroup-mdtoword-mcp) and supports stdio/http transports — invoking npx/npm will pull code from the registry at runtime, which is normal for this scenario but carries the usual supply-chain risk if the upstream package is untrusted.
Credentials
No environment variables, credentials, or config paths are requested. The requested surface (none) is proportional to a document-conversion tool.
Persistence & Privilege
Skill is not forced-always, does not request system-wide changes, and does not declare persistent privileges. It behaves as a normal user-invocable MCP adapter.
Assessment
This skill is internally consistent and appears to just route Markdown to an external converter. Before installing: (1) verify the upstream package (aigroup-mdtoword-mcp) and its publisher on npm/GitHub to ensure you trust it; (2) if you mind remote code execution, avoid allowing the agent to run npx/npm or run conversions in an isolated environment; (3) confirm the MCP will not upload documents to unknown endpoints (the skill references stdio/http transports — prefer stdio/local transport if you want to avoid network I/O); (4) if you need stronger assurance, request a packaged binary or review the upstream repository code before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d9kd3wr6wkjh6zpyt5g5pxx83e83h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments