Markdown Converter
v1.0.0Convert documents and files to Markdown using markitdown. Use when converting PDF, Word (.docx), PowerPoint (.pptx), Excel (.xlsx, .xls), HTML, CSV, JSON, XM...
⭐ 0· 263·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description match the runtime instructions: the SKILL.md plainly instructs the agent to run 'uvx markitdown' to convert many document types to Markdown. There are no unrelated required credentials, files, or binaries declared.
Instruction Scope
Instructions are narrowly scoped to invoking the 'uvx markitdown' CLI on provided input files or stdin. Caveats: SKILL.md documents features that fetch/handle remote content (YouTube URLs, downloading ZIP contents) and an option to use 3rd‑party plugins (--use-plugins), which may pull and execute external code. It also mentions using Azure Document Intelligence with a user-supplied endpoint, implying network calls and possible credential use even though no creds are declared.
Install Mechanism
This is instruction-only (no install spec), so nothing is written by the skill package itself. However, it depends on an external CLI ('uvx markitdown') that the SKILL.md assumes is present; the origin, trustworthiness, and behavior of 'uvx'/'markitdown' are not provided here. The SKILL.md also mentions first-run caching of dependencies, indicating the tool may download code at runtime.
Credentials
The skill declares no required env vars or credentials (proportionate). Practical use of some features (Azure Document Intelligence or other cloud OCR/transcription services) will likely require credentials or endpoints that the SKILL.md doesn't declare—users must supply those out of band. The optional '--use-plugins' could require additional permissions or network access.
Persistence & Privilege
The skill does not request persistent privileges (always:false) and does not modify other skills or system settings. Autonomous invocation is allowed (platform default) but not combined with any elevated privileges in this package.
Scan Findings in Context
[none] expected: Regex-based scanner found no code to analyze. This is expected for an instruction-only skill; absence of findings is not proof of safety because the invoked CLI ('uvx markitdown') is external to this package.
Assessment
This skill appears coherent for converting files to Markdown, but you should verify the external tooling it depends on before running it on sensitive data. Specifically:
- Confirm you trust the 'uvx' and 'markitdown' binaries on your system (check vendor, installation source, and checksums). If they are not present, the skill gives no safe install method.
- Avoid using '--use-plugins' or installing unknown plugins unless you trust their source; plugins can execute arbitrary code.
- If you use Azure Document Intelligence or other cloud OCR/transcription, supply only the minimal credentials required and prefer short-lived credentials or dedicated service principals.
- For high-sensitivity documents, run conversions in an isolated sandbox or on a machine with no access to secrets/network you care about.
- If you need higher assurance, obtain the markitdown/uvx project source or packaging information and review what dependencies it fetches on first run.Like a lobster shell, security has layers — review code before you run it.
latestvk977gnrbg5dfqrx44qb56cmhqs838wn5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.