ClawHub

MarkItDown Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent document-to-Markdown helper, with optional network, cloud, and plugin features that users should choose carefully for sensitive files.

Install only if you trust the MarkItDown package and its dependencies. Use local-only conversion for confidential documents, avoid untrusted URLs, and enable OpenAI, Azure Document Intelligence, audio/YouTube transcription, or plugins only when you are allowed to share the relevant content and trust the provider or plugin source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README explicitly advertises converting remote URLs and YouTube content but does not warn users that these actions initiate network requests and may transmit document or media URLs to third-party services used by the underlying tooling. In a security-sensitive agent environment, undocumented network access can violate user expectations, leak metadata, or trigger unintended external communication.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The examples show converting local files and URLs with output redirection but do not warn that the commands may fetch remote content and write files. In an agent context, this can lead to unintended network access or overwriting/creating files if a user copies examples without understanding the side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises OCR, EXIF extraction, audio transcription, and web/YouTube conversion without any privacy or data-handling warning. These features can process sensitive documents, embedded metadata, speech, and remote content, increasing the risk of exposing personal, confidential, or regulated data when used by an agent or unsuspecting user.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples show sending converted document text and image-derived content to external LLM services via OpenAI without any warning that sensitive document contents may leave the local environment. In a document-conversion skill, users may reasonably assume processing is local, so omitting disclosure increases the risk of accidental exfiltration of confidential files, contracts, PII, or regulated data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The Azure Document Intelligence example implies a simple conversion path but does not disclose that the PDF contents are sent to a remote cloud endpoint for processing. For a skill centered on file conversion, this omission can mislead users into treating cloud-backed processing as equivalent to local parsing, creating privacy and compliance exposure for sensitive documents.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly promotes use of external LLM and Azure Document Intelligence services for processing document content, but it does not warn that file contents, images, or metadata may be transmitted to third-party cloud providers. In a document-conversion skill, users may reasonably process sensitive files, so omission of a privacy/data-transfer warning can lead to inadvertent disclosure of confidential information.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The reference shows plugin enablement as a normal option and later documents plugin discovery and use, but it does not warn that third-party plugins execute code and may introduce arbitrary code execution, data exfiltration, or unsafe processing. In an agent skill context, normalizing plugin activation without a trust boundary warning increases the chance that users enable unreviewed extensions in sensitive environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal