Skill v1.0.0

VirusTotal security

docx-to-md · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:39 AM
Hash
57d7c1bd554355bda5445b0185b26a23e682e4371aae1f6306aab60cae9d815d
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: docx-to-md
Version: 1.0.0

The skill bundle is classified as suspicious due to potential vulnerabilities, not clear malicious intent. The `SKILL.md` provides a command-line execution example which, if not properly sanitized by the OpenClaw agent, could lead to shell injection. Additionally, the `scripts/docx_to_md.py` script uses `zipfile.ZipFile.extract` to process DOCX files; this operation is susceptible to a Zip Slip vulnerability if a specially crafted DOCX file contains path traversal sequences, potentially allowing files to be written outside the intended output directory. There is no evidence of intentional data exfiltration, persistence, or other malicious activities by the skill author.