Office → Markdown Skill
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may download and install Python packages from the package ecosystem in order to perform conversions.
The converter installs third-party packages at runtime into a temp directory. The packages are pinned and the behavior is disclosed, so this is a supply-chain note rather than a concern.
subprocess.run([sys.executable, "-m", "pip", "install", "--quiet", "--target", str(_DEP_DIR), "pdfplumber==0.11.4", "pymupdf==1.24.14"], check=True)
Run it in a trusted environment, keep network/package policy in mind, and prefer preinstalled or hash-verified dependencies if stricter supply-chain control is needed.
If vision extraction is approved, scanned pages or embedded images from the document may leave the local workspace and be sent to Anthropic for processing.
The skill may transmit document images to an external provider for OCR. This is clearly disclosed and consent-gated, but the documents could contain sensitive information.
For scanned or image-only content, pages are sent to Anthropic's vision API. **Always ask the user for confirmation before enabling vision**
Only approve vision extraction for documents you are comfortable sending to Anthropic; otherwise use the text-only output and leave image-only pages skipped.