ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

docx

v1.0.0

Converts document files (.pdf, .docx, .xlsx, .pptx) to Markdown using the `markitdown` command.

0· 597·11 current·11 all-time
by@ytyytt520

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ytyytt520/doc-converter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "docx" (ytyytt520/doc-converter) from ClawHub.
Skill page: https://clawhub.ai/ytyytt520/doc-converter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install ytyytt520/doc-converter

ClawHub CLI

Package manager switcher

npx clawhub@latest install doc-converter
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description match its behavior (convert documents to Markdown). However, SKILL.md requires running the external 'markitdown' CLI but the skill's metadata does not declare that binary or provide an install mechanism or source. That mismatch is unexpected and reduces confidence.
Instruction Scope
The instructions are narrowly scoped: run `markitdown "{file_path}"` and return output. They do not request additional files, env vars, or network endpoints. But they grant the agent permission to execute a local binary whose behavior and safety depend entirely on that binary.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk in general. But because the skill relies on an external CLI, the lack of an install/source means the agent will run whatever 'markitdown' exists on PATH — potentially an untrusted binary.
Credentials
The skill does not request any environment variables, credentials, or config paths — this is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges or modify other skills. Autonomous invocation is allowed (platform default) but not by itself a problem.
What to consider before installing
This skill will run a local program named 'markitdown' on files you ask it to convert. Before installing or using it: (1) Confirm where 'markitdown' comes from (official project page or package repository) and only use a trusted binary. (2) If you don't already have markitdown installed, ask the skill author for an install spec or avoid using the skill. (3) Don't run this on sensitive documents until you've verified the CLI's behavior (e.g., test on non-sensitive files and inspect network/activity). (4) If possible, request the skill declare required binaries or provide a safe install/source — that would change this assessment to benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk9785vd774zc5jca47ys02swgh828xy8
597downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@ytyytt520
latest
Download

Document Converter

This skill converts a document file into Markdown text.

Activation

Activate when asked to read a file with one of the following extensions:

  • .pdf
  • .docx
  • .xlsx
  • .pptx

Execution

The skill executes the markitdown command on the input file path and outputs the resulting Markdown text.

markitdown "{file_path}"

Comments

Loading comments...