pandoc-convert
PassAudited by ClawScan on May 12, 2026.
Overview
This looks like a normal Pandoc document-conversion skill, but it can run local conversion commands and optionally install Pandoc if you approve.
Before installing, be aware that Pandoc may need to be installed even though the registry does not list it as a required binary. Review any package-manager command before approving installation, and choose conversion input/output paths carefully, especially for batch jobs.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken input, output path, or batch directory could convert the wrong files or overwrite existing generated outputs.
The skill is allowed to run local conversion wrappers and Pandoc. This is expected for its purpose, but it means the agent can read user-provided document paths and create or overwrite output files.
allowed-tools: - Bash(bash */scripts/convert.sh *) - Bash(bash */scripts/validate.sh *) - Bash(python3 */scripts/batch_convert.py *) - Bash(pandoc *)
Use clear input and output paths, review batch directories before running, and use options such as --skip-existing when you do not want outputs overwritten.
If approved, the installer may modify system packages and may request administrator privileges.
The optional installer can execute package-manager commands, including sudo-based installation on some systems. The script is dry-run by default and only executes when --yes is used.
Pass --yes to execute the detected install command. ... INSTALL_CMD="sudo apt-get update && sudo apt-get install -y pandoc" ... sh -c "$INSTALL_CMD"
Run the installer in dry-run mode first, review the printed command, and only approve --yes if you want Pandoc installed by that package manager.