MarkItDown Document Conversion (Chinese Edition)

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward document-conversion skill with local file outputs and ordinary setup cautions, not evidence of hidden or malicious behavior.

Install in a virtual environment or pipx when possible. Only run sudo package-install commands if you intentionally want to modify the system, and use a dedicated output folder for batch conversion or image extraction because the scripts create Markdown/image files and may overwrite same-named outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The script is presented as an image-extraction utility, but when no images are exposed by the library API it silently writes the full converted Markdown content to disk. This can disclose far more document content than the user intended to extract, which is especially risky for sensitive PDFs, Office files, or other private documents processed by the skill.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
pip install "markitdown[all]"

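# Or install the pipx package manager and install markitdown through pipx
sudo apt-get install pipx
# Install the markitdown package with pipx; "all" enables support for all formats
pipx install 'markitdown[all]'
# Add the path of packages installed through pipx to the current PATH variable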
Confidence
84% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
Some format conversions may require additional system dependencies:

- **PDF processing**: `brew install poppler` (macOS) or `sudo apt-get install poppler-utils` (Linux)
- **OCR**: `brew install tesseract` (macOS) or `sudo apt-get install tesseract-ocr` (Linux)

## Verify installation
Confidence
81% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
Some format conversions may require additional system dependencies:

- **PDF processing**: `brew install poppler` (macOS) or `sudo apt-get install poppler-utils` (Linux)
- **OCR**: `brew install tesseract` (macOS) or `sudo apt-get install tesseract-ocr` (Linux)

## Verify installation
Confidence
81% confidence
Finding
sudo

VirusTotal

66/66 vendors flagged this skill as clean.
