Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Convert Document To Markdown
v1.0.0
Convert supported local files into Markdown by running this repository's Dockerized file-only CLI. This skill must run through Docker with a prebuilt Aliyun...
by @kadbbz
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description align with the provided script and SKILL.md: it converts local files to Markdown via Docker. However, the metadata declares a primary credential (VL_API_KEY) while 'Required env vars' is empty and the SKILL.md treats VL as optional (only needed for 'vl' modes). That mismatch is worth noting but can be explained by optional VL-based image processing.
Instruction Scope
The runtime instructions stay within the stated purpose: run the container with the target file mounted read-only and return JSON/markdown. SKILL.md says it will read one-time OpenClaw skill config (~/.openclaw/openclaw.json) or repo .env, but the included wrapper script only loads a local .env and forwards VL_* host env vars — it does not itself read ~/.openclaw/openclaw.json. This is an implementation/documentation mismatch.
Install Mechanism
There is no install spec, but the runtime script will run docker pull and then run an image from a personal Aliyun CR registry (crpi-...personal.cr.aliyuncs.com). Pulling and executing an opaque third-party image is high-risk: the container can execute arbitrary code and generate network traffic, and the script does not verify image provenance or digest. Using Docker here is expected for a containerized CLI, but the image source being a personal/unknown registry increases risk.
Credentials
The script forwards multiple VL_* environment variables (VL_BASE_URL, VL_API_KEY, VL_MODEL, and others) or an env-file into the container if present. Forwarding vision API credentials into the container is functionally justified only when the user requests 'vl' or 'vl-page' processing; it is unnecessary for default OCR mode. The metadata/primaryEnv setting also implies VL_API_KEY is the skill's main credential even though SKILL.md treats it as optional — an inconsistency that could lead to unneeded exposure of secrets.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. The wrapper is instruction-only and does not install persistent agents. No elevated platform privileges are requested.
What to consider before installing
This skill does what it says — it runs a Docker image to convert files to Markdown — but you must trust the image. Before installing or running:
1) Confirm you trust crpi-4auaoyyj6r36p6lb.cn-hangzhou.personal.cr.aliyuncs.com/huozige_lab and the image maintainers, or prefer images from a well-known registry.
2) Do not put sensitive secrets (API keys) in a repo .env or host env unless you want them forwarded into the container; only set VL_API_KEY when you need Vision API processing.
3) If possible, pull and inspect or rebuild the image locally (or require image digests) so you know what code will run.
4) Consider running the container in a restricted environment (network-disabled or sandbox) if you must process sensitive files.
5) Note the documentation vs. script mismatch around reading ~/.openclaw/openclaw.json — the wrapper script only loads a local .env; ensure your platform handles any OpenClaw config securely.
Like a lobster shell, security has layers — review code before you run it.
latest vk972dp8xxbvjrxaayyww9g20c183rc2g
Runtime requirements
Bins: docker
Primary env: VL_API_KEY
