Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Epub2md Cli

v1.0.0

Use the local `epub2md` CLI to inspect EPUB files and convert them into Markdown. Make sure to use this whenever the user mentions `.epub` files, EPUB 转 Mark...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description promise (inspect & convert EPUB → Markdown) matches the bundled wrapper script and SKILL.md. The files operate on local EPUBs, stage inputs, run epub2md, and write outputs to a dedicated workspace. No unrelated environment variables, credentials, or unrelated binaries are required by the skill itself.
Instruction Scope
SKILL.md instructs the agent to invoke the local epub2md CLI (or install it via npm if missing), to stage files, and to use shell tools to discover EPUB files when needed. Those actions are within the skill's purpose, but note: the instructions allow (and sometimes recommend) running external commands (e.g., npm install -g epub2md, rg) and performing file discovery and copying. The doc also recommends proactively using the skill whenever .epub is mentioned — this is aggressive but consistent with the skill's stated intent.
Install Mechanism
There is no bundled install spec; the SKILL.md suggests using npm install -g epub2md if the binary is absent. That is an expected, proportional mechanism for obtaining the required CLI, but a global npm install will perform network activity and install a package from the npm registry, so users should only do that in trusted environments.
Credentials
The skill requires no credentials or environment variables. It writes files to a workspace under /home/admin1/.agents/skills/epub2md-cli-workspace (hard-coded default). This is proportional to its function, but the fixed home path assumes the agent user and filesystem layout; verify that path is acceptable and writable in your environment.
Persistence & Privilege
`always` is false and the skill does not request permanent platform-wide privileges. The bundled script creates and removes its own temp dirs and writes outputs to its own workspace; it does not modify other skills or global agent configuration.
Assessment
This skill appears to do what it says: it wraps the local epub2md CLI and stages inputs/outputs in a dedicated workspace. Before installing/using it, consider: (1) epub2md is obtained via npm if missing — a global npm install performs network downloads and writes to the system; only do this if you trust the npm package and environment. (2) The skill writes copies of EPUBs and outputs under /home/admin1/.agents/skills/epub2md-cli-workspace by default — confirm that this path is acceptable and consider whether sensitive EPUBs should be duplicated there. (3) SKILL.md suggests proactively invoking the skill whenever .epub files are mentioned; if you prefer stricter control, ensure the agent's invocation policy requires explicit user confirmation. If you want higher assurance, verify the npm epub2md package source (publisher, repository) before running npm install -g.
