MarkItDown Skill
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a straightforward document-to-Markdown helper, with expected user-directed risks around installing an external Python package, optional plugins, and optional cloud/LLM services.
This skill appears safe for its stated purpose. Before installing, use a virtual environment if possible, install only the MarkItDown extras you need, avoid enabling third-party plugins unless trusted, and be careful with optional OpenAI or Azure features when converting sensitive documents.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the full package may bring in many third-party dependencies beyond the skill's own small script.
The skill's core functionality depends on an external pip package with broad optional extras. This is disclosed and purpose-aligned, but it expands the dependency surface users install.
pip install 'markitdown[all]'
Install in a virtual environment, consider using only the specific extras you need, and keep the package updated from a trusted source.
Using plugins can broaden what code participates in conversions and may change how documents are processed.
The MarkItDown plugin mechanism is documented as optional and off by default, but enabling third-party plugins can run additional converter code outside the base skill.
enable_plugins (bool): Enable 3rd-party plugins (default: False)
Only enable plugins when needed and only from sources you trust.
If enabled, documents or images may be processed through external provider services using the user's credentials.
Optional enhanced conversion paths use OpenAI-compatible clients or Azure Document Intelligence credentials. This is expected for those integrations, but it introduces provider-account authority.
from openai import OpenAI ... md = MarkItDown(llm_client=client, llm_model="gpt-4o") ... Set environment variable: AZURE_DOCUMENT_INTELLIGENCE_KEY=<your-key>
Use these options only for documents you are comfortable sending to the chosen provider, and keep API keys scoped and protected.
Future agent tasks may more readily use MarkItDown for web pages and local documents after this instruction is added.
The setup guide recommends adding persistent agent instructions that change future tool-selection behavior. This is user-directed and relevant to the skill, but persistent instructions should be reviewed.
Add to your `AGENTS.md`: ... Use `markitdown <url>` instead of curl/wget ... Use `markitdown <file>` to convert PDFs, Word, Excel, etc.
Only add the AGENTS.md guidance if you want this persistent behavior, and keep it scoped to document-conversion tasks.