by 安全扫描
OpenClaw
安全
high confidenceThe skill is an instruction-only wrapper around Microsoft MarkItDown to convert documents to Markdown; its requirements and actions are generally consistent with that purpose, with only minor manifest/metadata inconsistencies and the normal risks of installing a large Python package.
评估建议
This skill appears to do what it says: wrap Microsoft MarkItDown to convert documents to Markdown. Before installing, note that: (1) SKILL.md expects python3/pip3 and runs pip3 install 'markitdown[all]' — ensure you want that package and its extras installed (it can pull OCR, transcription, and media tooling). (2) Features like YouTube subtitle extraction and audio transcription will require network access and possibly third-party APIs or binaries (e.g., ffmpeg); review MarkItDown's docs to unde...详细分析 ▾
ℹ 用途与能力
The skill's stated purpose (convert many document formats to Markdown using Microsoft MarkItDown) matches the runtime instructions and examples. However, there is a small internal inconsistency: the registry summary lists no required binaries/env, while the SKILL.md metadata and install step expect python3 and pip3 and installing the markitdown Python package. This is likely an authoring/packaging omission rather than malicious intent.
✓ 指令范围
SKILL.md instructions and code samples focus on converting local files (single or batch), preprocessing Markdown, section extraction, and RAG chunking. There are no instructions to read unrelated system files, to collect unrelated environment variables, or to send converted content to unknown endpoints. The only notable behavior is handling YouTube links and audio transcription which implies network access and use of third-party services (expected for those features).
ℹ 安装机制
The install step uses pip3 install 'markitdown[all]'. Installing a feature-complete extras set can pull many dependencies (OCR, transcription, media tooling like ffmpeg, etc.), increasing the attack surface and requiring network access to PyPI. This is a standard package install (PyPI) rather than an arbitrary download, but you should be aware it may install native binaries or extra packages with their own behavior.
✓ 凭证需求
The skill does not request any environment variables, secrets, or credential files. None of the instructions reference hidden env vars or credentials. This is proportionate for a document-conversion tool.
✓ 持久化与权限
The skill is instruction-only, has no always:true flag, and does not request persistent/global privileges or modify other skills. It can be invoked by the agent (normal default) but does not request elevated or permanent presence.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/27
everything2markdown-cn v1.0.0 - 首次发布:支持将多种文档格式批量或单文件转换为结构化 Markdown,专为 AGENT 与 LLM 工作流优化 - 提供文档预处理、结构化章节提取与 RAG 分块等多种 Python 处理范例 - 完整支持 PDF、DOCX、PPTX、XLSX、EPUB、HTML、图片(OCR)、音频(转录)、YouTube 字幕等常见文档类型 - 输出保留标题、表格、列表、链接等结构及元数据信息,适合自动化管道接入 - 简洁 API 设计,易于集成至自动化、数据分析、检索增强生成 (RAG) 等场景
● 无害
安装命令
点击复制官方npx clawhub@latest install everything2markdown-cn
镜像加速npx clawhub@latest install everything2markdown-cn --registry https://cn.longxiaskill.com