Back to skill
Skillv2.0.0
VirusTotal security
Markdown to PDF Converter (v2.0) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:54 AM
- Hash
- 20e20a637d7242bec90e73cbd20924229db193004ca5c67368fe30c46923e39f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: md2pdf-converter Version: 2.0.0 The skill is designed to convert Markdown to PDF with emoji support, using Pandoc, WeasyPrint, and local Twemoji assets. It is classified as 'suspicious' due to the `scripts/md2pdf-local.sh` script executing external commands (`pandoc`, `weasyprint`) with user-provided input filenames. While the filenames are quoted, this pattern is a common vulnerability vector for shell injection or arbitrary code execution if the underlying tools have flaws. Additionally, the script uses a hardcoded absolute path (`/home/ltx/.openclaw/workspace/skills/md2pdf-converter/scripts/generate_emoji_mapping.py`) to invoke a Python script, which is a robustness vulnerability. There is no evidence of intentional malicious behavior like data exfiltration, persistence, or prompt injection against the agent.
- External report
- View on VirusTotal