Office To Md V2
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its document-conversion purpose, but its PowerPoint converter runs shell commands built from caller-supplied file paths and may install software automatically during conversion.
Install and run this only in a sandbox or trusted workspace. Avoid converting untrusted PPTX files or files with unusual names until shell execution is made safe, install dependencies manually instead of allowing runtime pip installs, and check whether an existing .md file may be overwritten.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Converting a maliciously named PPTX file could execute commands on the user's machine with the agent's local privileges.
The caller-provided filePath is interpolated into shell command strings instead of passed as a safe argument array. A crafted PPTX filename containing quotes or shell metacharacters could cause unintended shell commands to run.
execSync(`python3 "${tempScriptPath}" "${filePath}"`, ...); ... execSync(`unzip -q "${filePath}" -d "${tempDir}"`, { stdio: 'pipe' });
Replace execSync command strings with execFileSync/spawn using argument arrays, validate paths, reject shell metacharacters, and avoid passing user-controlled paths through a shell.
Running a conversion can modify the local Python environment and execute extra code paths the user may not expect from a file converter.
During PPTX conversion the skill writes a Python script to /tmp, may install python-pptx with pip3 if it is missing, and then executes the generated script. The automatic install occurs during normal conversion rather than a separate user-approved setup step.
fs.writeFileSync(tempScriptPath, pythonScript); ... execSync('pip3 install python-pptx', { stdio: 'pipe' }); ... execSync(`python3 "${tempScriptPath}" "${filePath}"`, ...);
Do not auto-install dependencies at runtime. Declare Python/python-pptx as explicit prerequisites, fail clearly when missing, pin versions, and run conversion helpers in a sandboxed temporary directory.
Dependency behavior can change between installs, which matters for software that parses untrusted office documents.
The skill depends on third-party document parsers with version ranges, and the provided manifest does not include a lockfile. This is common for npm projects but means future installs may resolve different package versions.
"dependencies": { "mammoth": "^1.6.0", "office-text-extractor": "^2.0.0", "pdf-parse": "^1.1.1", "turndown": "^7.1.2", "word-extractor": "^1.0.4" }
Install in an isolated environment, add a lockfile or pinned versions, and verify dependencies before using the skill on sensitive or untrusted documents.
Sensitive document text may be copied into Markdown outputs or shown to the agent, and untrusted document text could be mistaken for instructions.
The converter writes extracted document text to a Markdown file and returns the full markdown content plus a preview to the caller. This is expected for conversion, but it means document contents can enter the agent context.
fs.writeFileSync(outputPath, markdown); ... return { success: true, outputPath: outputPath, markdown: markdown, preview: preview, ... }
Use the skill only on documents you intend the agent to read, review outputs before sharing, and treat converted document text as untrusted content rather than instructions.
