Mxe
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s document-conversion purpose is coherent, but its setup asks to run and install an unreviewed local Node tool from a hard-coded developer folder.
Use caution before installing. The conversion commands themselves are purpose-aligned, but only run the setup if you can inspect and trust the actual `mxe` source at the referenced path or replace it with a trusted, pinned package. Also remember that converted documents may embed local images referenced by the Markdown.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed, the agent or user could execute package scripts and install a persistent `mxe` command from code that was not included in the reviewed skill artifacts.
The skill directs setup through a hard-coded local source path and npm build/link rather than a declared install source or included implementation, so the executable code's provenance is unclear.
If not installed: ```bash cd /Users/tuan/.openclaw/workspace/mxe && npm run build && npm link ```
Do not allow automatic build or link steps for this skill. Require a reviewed package or pinned install source, declare the `mxe` binary requirement, and ask the user before any install or linking operation.