Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
format-flow
v1.0.0Convert and format documents across Word, PDF, Markdown, web pages, Excel, and images with compression, resizing, and format conversion.
⭐ 0· 120·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with provided code: converters for Word/PDF/Markdown, web→markdown, Excel→JSON, and image processing. Required capabilities (requests, pdfplumber, Pillow, openpyxl, etc.) are consistent with the described features. No unrelated cloud credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs running the included Python CLI (scripts/convert.py) and copying the skill into a WorkBuddy skills directory; it references only local files, URLs for web→markdown, and installing dependencies. That scope is appropriate for a converter. However the SKILL.md had a prompt‑injection signal (unicode control characters) flagged by the pre-scan — there is no benign justification in the README for these control characters, so this is unusual and should be investigated.
Install Mechanism
There is no separate install spec, but the bundled scripts include an auto-dependency installer (scripts/utils/dependencies.py) that will call pip to install missing packages. The packages are reasonable for the tool, but the installer suppresses pip output (stdout/stderr redirected to DEVNULL), which can hide failures or prompts. Auto-installing packages via subprocess is a moderate risk (supply-chain/PyPI risk) but not out of scope for this skill.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Network access via requests to fetch web pages is expected for web→markdown functionality. No evidence of attempts to read unrelated secrets or system configs.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent platform privileges. It suggests copying files into a user skill directory and uses pip to install Python packages (which affects the Python environment) — this is within the normal scope for a local CLI/skill but is worth noting because it changes the environment.
Scan Findings in Context
[unicode-control-chars] unexpected: Control characters in SKILL.md are not necessary for a document-conversion skill and can be used to manipulate LLM prompt parsing (prompt injection). This finding should be investigated by inspecting the raw SKILL.md for invisible characters (e.g., RLO/LRO/ZWJ) and removed/cleaned if unintended.
What to consider before installing
This skill appears to implement the conversion features it advertises and does not request secrets or unrelated credentials. Two things to check before installing: (1) inspect SKILL.md (open in a hex/visible-character viewer) for any hidden Unicode control characters and remove them — they triggered a prompt-injection detector; (2) be aware the skill will try to run pip to install dependencies quietly (it redirects pip output to /dev/null). If you prefer tighter control, manually review and install the listed Python packages yourself rather than allowing the skill to auto-install. If you plan to run this in a shared or production environment, consider running it in an isolated virtualenv/container to limit the effect of pip installs and to reduce supply‑chain risk.Like a lobster shell, security has layers — review code before you run it.
latestvk9765p55frymj1gaephn763v3n835y77
License
MIT-0
Free to use, modify, and redistribute. No attribution required.