Trusted (risk score 5/100)
Last scanned: 20 hours ago
md2docx
Markdown to Word document converter with Chinese font optimization
A legitimate Markdown-to-Word document converter using Pandoc and python-docx with no malicious behavior detected.
Skill name: md2docx
Analysis time: 36.9s
Engine: pi
Safe to install
No action required. The skill performs as documented.

Security findings: 2

Severity · Finding · Location
Low
Test imports non-existent class (category: documentation deception)
test_md2docx.py attempts to import MD2DocxConverter which does not exist in tools/md2docx.py. The actual implementation uses functions, not a class.
from tools.md2docx import MD2DocxConverter
→ Update test to use the function-based API or add the class wrapper
test_md2docx.py:18
Low
Unpinned python-docx dependency (category: supply chain)
requirements.txt is not present; python-docx version is not pinned in any dependency file.
from docx import Document
→ Add a requirements.txt or pyproject.toml with pinned versions
tools/md2docx.py:9
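| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | WRITE | WRITE | ✓ Consistent | tools/md2docx.py:183 - writes output files and temp files |
| Command execution | WRITE | WRITE | ✓ Consistent | tools/md2docx.py:176 - subprocess.run() for pandoc CLI |
| Network access | NONE | NONE | | No network calls found |
| Environment variables | NONE | NONE | | No environment variable access |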
6 findings
Medium · External URL
https://clawhub.com/skills/md2docx
PROJECT_INFO.md:15
Medium · External URL
https://img.shields.io/badge/ClawHub-Skill-blue
README.md:3
Medium · External URL
https://clawhub.com
README.md:3
Medium · External URL
https://img.shields.io/badge/version-1.0.6-green
README.md:4
Medium · External URL
https://pandoc.org/installing.html
README.md:180
Medium · External URL
http://schemas.openxmlformats.org/wordprocessingml/2006/main
tools/md2docx.py:100

Directory structure

7 files · 33.9 KB · 1135 lines
Python: 4 files · 731 lines; Markdown: 3 files · 404 lines
├─ 📁 tools
│ ├─ 🐍 create_songti_template.py Python 33L · 900 B
│ ├─ 🐍 md2docx.py Python 364L · 12.0 KB
│ └─ 🐍 test_md2docx.py Python 198L · 7.3 KB
├─ 📝 PROJECT_INFO.md Markdown 83L · 2.2 KB
├─ 📝 README.md Markdown 246L · 5.0 KB
├─ 📝 SKILL.md Markdown 75L · 2.1 KB
└─ 🐍 test_md2docx.py Python 136L · 4.4 KB

Dependency analysis: 2 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| pandoc | >=2.0 | external CLI | | System dependency, must be installed separately |
| python-docx | >=1.2.0 (unpinned) | pip | | Version not pinned in any manifest file |

Security highlights

✓ No credential harvesting or environment variable access
✓ No network requests to external servers
✓ No obfuscation techniques (base64, eval, etc.)
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No remote code execution vectors
✓ No hidden instructions in comments or HTML
✓ subprocess usage is limited to documented CLI tool (pandoc)
✓ Clean, well-documented code with proper error handling