Skill v1.0.2
ClawScan security
markdown-converter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 15, 2026, 5:18 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely matches a document-to-Markdown converter but has several inconsistencies (undeclared required environment variable, implicit binary dependency, and an external API endpoint) that you should understand before installing.
- Guidance: This skill appears to do document→Markdown conversion but has unclear requirements and will send data to api.skillboss.co if you provide SKILLBOSS_API_KEY. Before installing: (1) confirm whether 'uvx' (markitdown) is available in your environment or get explicit install instructions; (2) verify the skill registry metadata is updated to declare SKILLBOSS_API_KEY as a required env var if remote processing is needed; (3) only supply SKILLBOSS_API_KEY if you trust skillboss.co and are comfortable that documents (or their URLs) may be transmitted to that service; (4) ask the publisher for a homepage/source repo and a clear privacy statement about what is sent to SkillBoss; and (5) test with non-sensitive documents first.
Review Dimensions
- Purpose & Capability (concern): SKILL.md describes a markdown conversion tool that can optionally call SkillBoss API Hub. That purpose is plausible, but the registry metadata claims no required env vars or binaries while the SKILL.md explicitly declares and uses SKILLBOSS_API_KEY and assumes the 'uvx' CLI ('uvx markitdown'). The mismatch between claimed requirements and actual instructions is incoherent and makes it unclear what the skill truly needs to function.
- Instruction Scope (concern): Runtime instructions tell the agent to run 'uvx markitdown' on local files/STDIN and also include a Python example that will POST documents/URLs to https://api.skillboss.co using SKILLBOSS_API_KEY. This means document contents or URLs can be transmitted to a third-party service. The SKILL.md also claims 'no installation required' while referring to caching dependencies and a CLI binary, creating ambiguity about what the agent will do at runtime.
- Install Mechanism (note): There is no install spec (instruction-only), which is low-risk. However, the instructions depend on the external 'uvx' binary without declaring it as required or providing an install path. That mismatch may lead to the agent attempting to fetch or run unknown binaries outside the declared manifest.
- Credentials (concern): The SKILL.md requires SKILLBOSS_API_KEY (used to call api.skillboss.co), which is proportionate to the optional remote-processing capability. However, the registry metadata lists no required env vars; the discrepancy is a red flag. The skill does not request other unrelated credentials, which is good, but the single API key gives a third party potential access to submitted documents.
- Persistence & Privilege (ok): The skill is not always-enabled, is user-invocable, does not request system config paths, and does not declare elevated privileges. There is no install script or other indication it will persist beyond being used, so persistence/privilege concerns are minimal.
