Skill v1.0.2

ClawScan security

Pandoc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 4:54 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill appears to do what it says — it wraps local pandoc conversions with a helper script and documentation — nothing in the files attempts to access unrelated secrets or remote endpoints, though the registry metadata should have declared pandoc as a required binary.
Guidance
This skill is internally consistent and appears benign, but check a few practical things before installing and allowing autonomous use: (1) The package metadata did not declare pandoc as a required binary—ensure pandoc is installed on the agent's host (and install any PDF engine you need) before use. (2) Review scripts/convert.sh (included) yourself — the agent will run pandoc commands exactly as written, so don't pass sensitive files you wouldn't want processed locally. (3) The source/homepage in metadata is 'unknown' / no homepage provided — if you need stronger assurance, prefer a skill that links to an official repo or vendor. (4) If you are uneasy about autonomous invocation, restrict the skill to user-invocable only; otherwise it will run when the agent decides conversion is appropriate.

Review Dimensions

Purpose & Capability
note: The skill's name, description, SKILL.md, and script consistently implement a pandoc-based document converter. However, the registry metadata lists no required binaries while the SKILL.md and scripts clearly require pandoc (and optionally local PDF engines like xelatex, wkhtmltopdf, weasyprint, etc.). The skill should have declared pandoc (and optionally known PDF engines) as required binaries.
Instruction Scope
ok: SKILL.md instructs the agent to use the included scripts/convert.sh and to run pandoc for conversions. The script only operates on user-supplied input/output paths, checks that files exist, validates available local PDF engines, and invokes pandoc. There are no instructions to read unrelated system files, environment variables, or send data to external endpoints.
Install Mechanism
ok: No install spec is present (instruction-only plus a local helper script), so nothing is downloaded or written by an installer. The included bash script is local and executed by the agent; there are no remote download URLs or extract operations in the package.
Credentials
ok: The skill requests no environment variables or credentials, and the script does not attempt to read secrets or external config. It only checks for binaries on PATH and works with files the user provides. This is proportionate to a document-conversion utility.
Persistence & Privilege
ok: The skill does not request permanent/always-on presence (always:false) and does not modify other skills or system-wide agent settings. It runs local commands at invocation time only.