Security audit

markdown-converter

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Markdown conversion helper, with an optional disclosed SkillBoss cloud-processing path that users should treat as external data sharing.

Install if you are comfortable running markitdown through uvx. Use the SkillBoss API example only for documents or URLs you are allowed to share with SkillBoss, and avoid third-party plugins unless you trust them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill is presented as a local Markdown conversion utility but additionally documents a remote SkillBoss API workflow for document extraction. This expands the trust boundary and can cause users to send documents to an external service without realizing the skill is no longer purely local, creating privacy, compliance, and data-handling risk.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest and top-level description imply the skill uses markitdown for local conversion, but later instructions introduce a separate cloud extraction path. This mismatch can mislead users and downstream agents about the skill's actual behavior and trust model, increasing the chance that sensitive content is processed remotely without informed consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation instructs users to use network-based document processing through SkillBoss API Hub but does not warn that document URLs and potentially document content are sent to an external third party. In a document-processing context, this is especially risky because inputs often contain sensitive files, internal links, or regulated data.

VirusTotal

66/66 vendors flagged this skill as clean.
