ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

docx

v1.0.0

Converts document files (.pdf, .docx, .xlsx, .pptx) to Markdown using the `markitdown` command.

0· 565·11 current·11 all-time
by@ytyytt520
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description match its behavior (convert documents to Markdown). However, SKILL.md requires running the external 'markitdown' CLI but the skill's metadata does not declare that binary or provide an install mechanism or source. That mismatch is unexpected and reduces confidence.
Instruction Scope
The instructions are narrowly scoped: run `markitdown "{file_path}"` and return output. They do not request additional files, env vars, or network endpoints. But they grant the agent permission to execute a local binary whose behavior and safety depend entirely on that binary.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk in general. But because the skill relies on an external CLI, the lack of an install/source means the agent will run whatever 'markitdown' exists on PATH — potentially an untrusted binary.
Credentials
The skill does not request any environment variables, credentials, or config paths — this is proportionate to its stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges or modify other skills. Autonomous invocation is allowed (platform default) but not by itself a problem.
What to consider before installing
This skill will run a local program named 'markitdown' on files you ask it to convert. Before installing or using it: (1) Confirm where 'markitdown' comes from (official project page or package repository) and only use a trusted binary. (2) If you don't already have markitdown installed, ask the skill author for an install spec or avoid using the skill. (3) Don't run this on sensitive documents until you've verified the CLI's behavior (e.g., test on non-sensitive files and inspect network/activity). (4) If possible, request the skill declare required binaries or provide a safe install/source — that would change this assessment to benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk9785vd774zc5jca47ys02swgh828xy8
565downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@ytyytt520
latest
Download

Document Converter

This skill converts a document file into Markdown text.

Activation

Activate when asked to read a file with one of the following extensions:

  • .pdf
  • .docx
  • .xlsx
  • .pptx

Execution

The skill executes the markitdown command on the input file path and outputs the resulting Markdown text.

markitdown "{file_path}"

Comments

Loading comments...