Trusted — Risk Score 5/100
Last scan: 18 hr ago
md2docx
Markdown to Word document converter with Chinese font optimization
A legitimate Markdown-to-Word document converter using Pandoc and python-docx with no malicious behavior detected.
Skill Name: md2docx
Duration: 36.9s
Engine: pi
Safe to install
No action required. The skill performs as documented.

Findings 2 items

Severity: Low
Finding: Test imports non-existent class (Doc Mismatch)
test_md2docx.py attempts to import MD2DocxConverter which does not exist in tools/md2docx.py. The actual implementation uses functions, not a class.
Evidence: from tools.md2docx import MD2DocxConverter
→ Update test to use the function-based API or add the class wrapper
Location: test_md2docx.py:18

Severity: Low
Finding: Unpinned python-docx dependency (Supply Chain)
requirements.txt is not present; python-docx version is not pinned in any dependency file.
Evidence: from docx import Document
→ Add a requirements.txt or pyproject.toml with pinned versions
Location: tools/md2docx.py:9

Resource | Declared | Inferred | Status | Evidence
--- | --- | --- | --- | ---
Filesystem | WRITE | WRITE | ✓ Aligned | tools/md2docx.py:183 - writes output files and temp files
Shell | WRITE | WRITE | ✓ Aligned | tools/md2docx.py:176 - subprocess.run() for pandoc CLI
Network | NONE | NONE | | No network calls found
Environment | NONE | NONE | | No environment variable access

6 findings

Severity | Finding | URL | Location
--- | --- | --- | ---
Medium | External URL | https://clawhub.com/skills/md2docx | PROJECT_INFO.md:15
Medium | External URL | https://img.shields.io/badge/ClawHub-Skill-blue | README.md:3
Medium | External URL | https://clawhub.com | README.md:3
Medium | External URL | https://img.shields.io/badge/version-1.0.6-green | README.md:4
Medium | External URL | https://pandoc.org/installing.html | README.md:180
Medium | External URL | http://schemas.openxmlformats.org/wordprocessingml/2006/main | tools/md2docx.py:100

File Tree

7 files · 33.9 KB · 1135 lines
Python 4f · 731L Markdown 3f · 404L
├─ 📁 tools
│ ├─ 🐍 create_songti_template.py Python 33L · 900 B
│ ├─ 🐍 md2docx.py Python 364L · 12.0 KB
│ └─ 🐍 test_md2docx.py Python 198L · 7.3 KB
├─ 📝 PROJECT_INFO.md Markdown 83L · 2.2 KB
├─ 📝 README.md Markdown 246L · 5.0 KB
├─ 📝 SKILL.md Markdown 75L · 2.1 KB
└─ 🐍 test_md2docx.py Python 136L · 4.4 KB

Dependencies 2 items

Package | Version | Source | Known Vulns | Notes
--- | --- | --- | --- | ---
pandoc | >=2.0 | external CLI | No | System dependency, must be installed separately
python-docx | >=1.2.0 (unpinned) | pip | No | Version not pinned in any manifest file

Security Positives

✓ No credential harvesting or environment variable access
✓ No network requests to external servers
✓ No obfuscation techniques (base64, eval, etc.)
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No remote code execution vectors
✓ No hidden instructions in comments or HTML
✓ subprocess usage is limited to documented CLI tool (pandoc)
✓ Clean, well-documented code with proper error handling