FormatFerry Markdown Converter

v1.1.3

Convert HTML, DOCX, PDF, XLSX, CSV to Markdown

⭐ 0· 119·0 current·0 all-time

by@britrik

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for britrik/formatferry-markdown.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "FormatFerry Markdown Converter" (britrik/formatferry-markdown) from ClawHub.
Skill page: https://clawhub.ai/britrik/formatferry-markdown
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install formatferry-markdown

ClawHub CLI

Package manager switcher

npx clawhub@latest install formatferry-markdown

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (convert various document types to Markdown) lines up with the included scripts and SKILL.md. The scripts call a 'formatferry' CLI (or npx fallback) and perform conversion; no unexpected services, credentials, or unrelated binaries are requested.

✓

Instruction Scope

SKILL.md and the scripts only describe authenticating to the FormatFerry CLI and converting either local files or URLs. The runtime instructions do not attempt to read arbitrary system files, remote endpoints other than fetched URLs, or aggregate unrelated secrets. They explicitly warn not to expose the API key and limit output to /tmp or current dir.

ℹ

Install Mechanism

No registry install spec is embedded (the repo is instruction-only), but SKILL.md recommends 'npm install -g formatferry' or using npx. Installing an unvetted global npm package has known supply-chain and privilege risks; this is expected for a CLI-based tool but you should verify the npm package's trustworthiness before installing globally.

ℹ

Credentials

The skill declares no required environment variables and does not request unrelated credentials. It does require the user's FormatFerry API key for authentication (auth.sh invokes 'formatferry auth --api-key ...') and notes the key is stored locally — this is proportional for a paid/locked CLI service but the user should be aware the key will persist on disk via the CLI's storage mechanism.

✓

Persistence & Privilege

The skill is not always-enabled and does not request elevated privileges or modify other skills. Scripts write output to /tmp or a local file, and contain explicit checks to block writes to sensitive system paths. Nothing in the package attempts to escalate presence beyond its own scripts.

Assessment

This package appears coherent with its purpose, but before installing: (1) verify the npm package 'formatferry' and the homepage are trustworthy (no public repo is listed here), (2) avoid installing unknown npm packages globally unless you trust them (use npx or a container/sandbox for testing), (3) be aware you must provide an API key and the CLI will store it locally — treat that key like a password, and (4) review the upstream formatferry CLI behavior (network access, telemetry, and where it persists credentials) before using it with sensitive documents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c8g7z5815fybzyyrqyzbdzx84b2xc

119downloads

0stars

4versions

Updated 3w ago

v1.1.3

MIT-0

formatferry Skill

Convert HTML, DOCX, PDF, XLSX, CSV files to Markdown using the Format Ferry CLI.

Installation

Install the CLI globally:

npm install -g formatferry

Or use npx (requires Node.js):

npx formatferry --help

Authentication

The user has a private API key. Do NOT expose this key in any output or messages.

# Authenticate
scripts/auth.sh --key <API_KEY>

# Check status
scripts/auth.sh --status

Scripts

This skill includes secure wrapper scripts with no eval and bash arrays for safe argument handling:

`scripts/convert-to-md.sh` (recommended)

# Convert a local file
scripts/convert-to-md.sh --input /path/to/file.pdf --output output.md --format github

# Convert a URL
scripts/convert-to-md.sh --url https://example.com/article --output article.md

`scripts/convert.sh` (legacy)

scripts/convert.sh --file input.html --output result.md --format github
scripts/convert.sh --url https://example.com --output article.md

Supported formats: github, commonmark, slack, discord, reddit, confluence, custom, rmarkdown

Supported File Types

.html - Web pages
.docx - Word documents
.pdf - PDF files (up to 20MB)
.xlsx - Excel spreadsheets
.csv - CSV files

Security Notes

No eval: All scripts use bash arrays for safe argument passing
No OOM risk: Output streams directly to file + stdout, never captured in shell variables
Recursive path sanitization: Loops repeatedly to strip ....//, ..../, ./, and encoded bypasses (%2e%2e)
Path validation: Blocks writes to /etc, /root, /sys, /proc and sensitive files (passwd, shadow, id_rsa)
Realpath verification: Validates final paths are within allowed WORKDIR before execution
URL validation: Rejects malformed URLs (must start with http:// or https://)

Provenance

Homepage: https://formatferry.vibingfun.com
npm Package: formatferry (official, no public repo)

Notes

API key stored locally after authentication
Premium features may require a license key
Output format defaults to "github" if not specified

Comments

Loading comments...