ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mxe

v2.0.0

Convert Markdown files to PDF, DOCX, or HTML with advanced formatting, Mermaid diagrams, custom fonts, and table of contents support.

0· 1.6k·4 current·5 all-time
by@tuanpmt

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tuanpmt/mxe.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Mxe" (tuanpmt/mxe) from ClawHub.
Skill page: https://clawhub.ai/tuanpmt/mxe
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mxe

ClawHub CLI

Package manager switcher

npx clawhub@latest install mxe
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and package.json both describe a Markdown-to-PDF/DOCX/HTML exporter with Mermaid support, which is coherent. However the registry metadata omitted a description while package.json provides one, and the package.json version (1.0.0) does not match the registry version (2.0.0). These mismatches are sloppy and reduce confidence but do not by themselves indicate malicious intent.
!
Instruction Scope
The runtime instructions direct the agent to run shell commands that access a hard-coded user path (/Users/tuan/.openclaw/workspace/mxe) and to execute `npm run build && npm link` there. That will execute whatever build scripts exist in that local workspace and modify the system npm links — actions beyond simply converting a file and potentially executing arbitrary code from a local directory. The SKILL.md otherwise stays on-topic (conversion options, mermaid, fonts, etc.), but the explicit local path and build/link instructions are unexpected and risky.
!
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md instructs installing by cd'ing into a specific local workspace and running `npm run build` and `npm link`. This relies on local, user-specific files rather than a well-known package source and would execute unreviewed scripts. While no remote download URL is present, `npm run build` can run arbitrary code defined in package.json scripts if that workspace exists — a notable install-time risk.
Credentials
The skill does not request any environment variables, credentials, or config paths. That is proportional to the stated purpose (a local file conversion tool).
Persistence & Privilege
The skill is not marked always:true and uses default model-invocation settings (agent may invoke it autonomously). This is the platform default and acceptable here. The SKILL.md does include commands that would modify system state (npm link), but the skill does not request persistent privileges or modify other skills' configs.
What to consider before installing
This skill appears to be a Markdown export tool, but there are red flags you should consider before installing or running its commands: - SKILL.md tells the agent to cd into a hard-coded local path (/Users/tuan/.openclaw/workspace/mxe) and run `npm run build && npm link`. Those commands will execute whatever build scripts exist there and can modify your system npm links — do not run them on a machine unless you trust the contents of that directory. - The registry metadata version (2.0.0) and package.json version (1.0.0) differ; the SKILL.md reveals a specific username ('tuan') in the path. These indicate sloppy packaging or a locally authored bundle rather than a vetted upstream release. - Because there is no formal install spec pointing to a known release (GitHub, npm registry, etc.), prefer obtaining the tool from an official source or inspecting the repository contents yourself before running any build/install commands. Recommended precautions: - Ask the skill author for a canonical install URL (GitHub release or npm package) and a non-user-specific install instruction. - Inspect the repository and package.json scripts in a safe environment (sandbox or VM) before running `npm run build` or `npm link`. - If you must test on your workstation, run build steps in an isolated container or VM to avoid executing untrusted scripts and avoid global linking. Given these inconsistencies and the potential to run arbitrary local build scripts, treat this skill as suspicious until you can verify its source and contents.

Like a lobster shell, security has layers — review code before you run it.

exportvk975hen665qnd5d7jh969wqg8n80n7dslatestvk975hen665qnd5d7jh969wqg8n80n7dsmarkdownvk975hen665qnd5d7jh969wqg8n80n7dsmermaidvk975hen665qnd5d7jh969wqg8n80n7dspdfvk975hen665qnd5d7jh969wqg8n80n7ds
1.6kdownloads
0stars
1versions
Updated 7h ago
v2.0.0
MIT-0
@tuanpmt
exportlatestmarkdownmermaidpdf
Download

MXE Skill - Markdown Export Tool

Convert Markdown files to PDF, DOCX, or HTML with advanced features.

When to Use

Use MXE when the user wants to:

  • Convert Markdown to PDF with nice formatting
  • Export documents with Mermaid diagrams
  • Generate PDFs with table of contents
  • Create professional documents from Markdown
  • Download web articles as Markdown

Installation Check

which mxe || echo "Not installed"

If not installed:

cd /Users/tuan/.openclaw/workspace/mxe && npm run build && npm link

Basic Usage

# Simple PDF conversion
mxe document.md

# With table of contents
mxe document.md --toc

# Specify output directory
mxe document.md -o ./output

Font Options

# Custom body font
mxe document.md --font roboto

# Custom code font  
mxe document.md --mono-font fira-code

# Both
mxe document.md --font inter --mono-font jetbrains-mono

Available body fonts: inter (default), roboto, lato, opensans, source-sans, merriweather

Available mono fonts: jetbrains-mono (default), fira-code, source-code

Mermaid Diagrams

# Default theme
mxe document.md

# Forest theme
mxe document.md --mermaid-theme forest

# Hand-drawn style
mxe document.md --hand-draw

# Dark theme with ELK layout
mxe document.md --mermaid-theme dark --mermaid-layout elk

Themes: default, forest, dark, neutral, base

Full Example

# Professional PDF with all features
mxe report.md \
  --toc \
  --font roboto \
  --mono-font fira-code \
  --mermaid-theme forest \
  -o ./output

Output Formats

mxe doc.md -f pdf      # PDF (default)
mxe doc.md -f docx     # Word document
mxe doc.md -f html     # HTML file
mxe doc.md -f clipboard # Copy to clipboard

Download Web Articles

# Download and convert URL to PDF
mxe https://example.com/article

# Download as Markdown only
mxe https://example.com/article -f clipboard

Tips

  1. Mermaid requires mmdc: Install with npm i -g @mermaid-js/mermaid-cli
  2. Images are embedded: Local images are base64 encoded into the PDF
  3. Custom CSS: Use -s style.css for custom styling
  4. Bookmarks: PDF bookmarks are auto-generated from headings (disable with --no-bookmarks)

Location

Tool source: /Users/tuan/.openclaw/workspace/mxe

Comments

Loading comments...