Skill v1.0.0

ClawScan security

Markdown To Word Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 12:32 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The files, instructions, and install steps match the skill's stated purpose (Markdown → Word conversion); nothing in the package requests unrelated credentials or external endpoints and the install is limited to creating a venv and pip-installing standard Python packages.
Guidance
This package appears coherent for converting Markdown to Word. Before installing, consider:
1) Run the install process inside an isolated environment (the script already creates a venv) or a container to limit exposure.
2) Inspect the full contents of md2docx.py and the mermaid helper (mermaid processing sometimes calls external CLIs or web services) to confirm there are no network calls or subprocesses you don't expect.
3) Note that pip will pull packages from PyPI; if you require stricter provenance, vendor or audit dependencies first.
4) The templates in install.sh are placeholder .info files (not real .docx templates); if you need real templates, provide them yourself.
5) If you accept this skill, avoid running it on sensitive directories until you've tested it on sample files.

Review Dimensions

Purpose & Capability · ok
Name/description (Markdown→Word) align with the included scripts (md2docx*.py), install.sh, and SKILL.md. Required dependencies (python-docx, markdown, beautifulsoup4, pillow) are appropriate for document and image handling. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope · ok
SKILL.md and the scripts only instruct reading markdown files, locating local images, converting to .docx, and optionally processing directories/templates. Instructions do not reference reading unrelated system files, environment variables, or sending data to external endpoints. The install script decodes a bundled base64 sample image and creates small .info template descriptors, both consistent with examples/test data.
Install Mechanism · note
No remote downloads or obscure installers are used. install.sh creates a Python virtual environment and runs pip install of common packages from PyPI (expected for Python tooling). This is normal but carries the usual PyPI risk surface (dependencies come from public registries). No extracted archives or remote URLs are present.
Credentials · ok
The skill requests no environment variables, no credentials, and no configuration paths. The set of required Python packages is proportionate to the described functionality.
Persistence & Privilege · ok
The skill does not request always:true and does not modify system-wide settings. install.sh writes files within the skill tree and creates a local venv, expected behavior for a local tool and not a privilege escalation.