Markdown to PDF (Styled)
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—convert local Markdown files to styled PDFs—but it relies on external converter tools and enables local file access during conversion, so use trusted inputs.
Before installing, make sure you are comfortable using pandoc and wkhtmltopdf locally. Install those tools from trusted sources, convert only trusted Markdown/CSS files, and be aware that the script may overwrite the chosen PDF output path.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user converts untrusted Markdown or CSS, the PDF renderer may be able to read local resources referenced by that content and include them in the generated PDF.
The helper invokes external conversion tools and explicitly enables local file access so wkhtmltopdf can load local CSS/resources. This is disclosed and aligned with PDF styling, but it makes trusted input important.
pandoc "$IN" -o "$OUT" \ --pdf-engine=wkhtmltopdf \ --pdf-engine-opt=--enable-local-file-access \ --css "$CSS"
Use this skill with Markdown and CSS files you trust, review custom CSS paths, and choose output paths carefully.
The skill depends on separately installed local tools, so security also depends on where those tools are obtained from.
The documentation tells users how to install external system packages. This is expected for a pandoc/wkhtmltopdf-based converter, but the packages are outside the skill artifact itself.
apt-get update apt-get install -y pandoc wkhtmltopdf
Install pandoc and wkhtmltopdf only from trusted package repositories or official sources, and avoid running package-manager commands you do not understand.