ClawHub

Markdown To Word Skill

v1.0.0

Convert Markdown files to well-formatted Word documents with support for headings, lists, tables, code blocks, images, math formulas, custom styles, template...

1· 788·8 current·8 all-time
by@runmanfm-bit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Markdown→Word) align with the included scripts (md2docx*.py), install.sh, and SKILL.md. Required dependencies (python-docx, markdown, beautifulsoup4, pillow) are appropriate for document and image handling. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the scripts only instruct reading markdown files, locating local images, converting to .docx, and optionally processing directories/templates. Instructions do not reference reading unrelated system files, environment variables, or sending data to external endpoints. The install script decodes a bundled base64 sample image and creates small .info template descriptors — both consistent with examples/test data.
Install Mechanism
No remote downloads or obscure installers are used. install.sh creates a Python virtual environment and runs pip install of common packages from PyPI (expected for Python tooling). This is normal but carries the usual PyPI risk surface (dependencies come from public registries). No extracted archives or remote URLs are present.
Credentials
The skill requests no environment variables, no credentials, and no configuration paths. The set of required Python packages is proportionate to the described functionality.
Persistence & Privilege
The skill does not request always:true and does not modify system-wide settings. install.sh writes files within the skill tree and creates a local venv — expected behavior for a local tool and not a privilege escalation.
Assessment
This package appears coherent for converting Markdown to Word. Before installing, consider: 1) Run the install process inside an isolated environment (the script already creates a venv) or a container to limit exposure. 2) Inspect full contents of md2docx.py and the mermaid helper (mermaid processing sometimes calls external CLIs or web services) to confirm there are no network calls or subprocesses you don't expect. 3) Note that pip will pull packages from PyPI — if you require stricter provenance, vendor or audit dependencies first. 4) The templates in install.sh are placeholder .info files (not real .docx templates); if you need real templates, provide them yourself. 5) If you accept this skill, avoid running it on sensitive directories until you've tested it on sample files.

Like a lobster shell, security has layers — review code before you run it.

latestvk977qv6wyezm73pg7y62dc5yqd8242n1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments