Skill v1.0.0
ClawScan security
Markdown Converter 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 14, 2026, 2:00 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The instructions generally match a document-to-Markdown converter, but the SKILL.md expects an external 'uvx markitdown' binary and allows plugins and remote-document intelligence without declaring required binaries or credential handling, which is incoherent and could enable unexpected network / plugin behavior.
- Guidance: This skill is plausible for converting documents but has several gaps you should consider before installing:
  1. It assumes a third-party 'uvx' binary is available but doesn't declare that dependency or its source — verify what 'uvx markitdown' is and install it from a trusted source.
  2. Avoid using --use-plugins or any unknown plugins unless you vet them; plugins can execute arbitrary code or make network requests.
  3. Do not pass sensitive documents to remote endpoints (e.g., Azure Document Intelligence) unless you understand where data is sent and how credentials are protected; the skill doesn't explain credential handling.
  4. Prefer a skill that declares required binaries and credential requirements, or ask the publisher for provenance (homepage/source) before granting access.
  If you proceed, test on non-sensitive files and verify the behavior of the 'uvx' tool locally first.
Review Dimensions
- Purpose & Capability (concern): The skill claims to convert many formats using 'uvx markitdown', which is reasonable for a converter. However, the package declares no required binaries or install steps while the runtime instructions assume the 'uvx' binary is present. That mismatch (no declared dependency but explicit reliance on an external binary) is incoherent. The SKILL.md also exposes plugin flags and remote service options (Azure Document Intelligence) that expand capabilities beyond simple local conversion.
- Instruction Scope (note): Instructions are narrowly focused on running 'uvx markitdown' with various CLI options. They do not instruct the agent to read unrelated files or environment variables. However, the guidance allows '--use-plugins' and points to remote endpoints (Azure Document Intelligence via -d -e), which could cause document data to be transmitted to external services or third-party plugins. The SKILL.md does not constrain plugin behavior or explain how credentials for cloud services are provided.
- Install Mechanism (ok): This is an instruction-only skill with no install spec, so nothing is written to disk by the skill itself, which is lower risk. Still, the SKILL.md's statement 'no installation required' conflicts with the practical dependency on the 'uvx' binary and with the mention that 'first run caches dependencies', which suggests background installation or network activity by the 'uvx' tool.
- Credentials (note): The skill declares no required environment variables or credentials, but it documents use of an Azure Document Intelligence endpoint and plugin support, both of which may require keys or tokens in practice. The skill does not declare how such secrets should be supplied or managed, nor does it request them explicitly, creating ambiguity about where sensitive credentials would be entered and how data might be handled.
- Persistence & Privilege (ok): The skill does not request persistent presence (always: false) and does not modify other skills or system-wide settings. It is user-invocable and may be invoked autonomously by the agent (platform default), which is expected behavior.
