ClawAudit verdict
pdf-ppt-docx-xlsx
uwvwko-pdf-ppt-docx-xlsx-tools
Writes files AND executes processes
Document format conversion toolkit (PDF/DOCX/PPTX/XLSX) using standard Python libraries; all operations are local file transformations with no network exfiltration and a clearly stated legitimate purpose.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Writes files AND executes processes — may drop and execute malicious scripts
LLM05 · LLM06 · ASI05
Installs packages AND executes processes — opaque dependency chain with execution
LLM03 · ASI04
Both reads and writes files — verify scope is limited to intended directories
LLM06 · ASI02
Permission integrity
package_install
Findings (5)
References sudo — requests elevated privileges
SKILL.md · code · sudo
Pipe to python — executes piped content as Python code
SKILL.md · prose · downgraded · | python
subprocess execution — runs system commands from Python
SKILL.md · code · subprocess.run(
subprocess with shell=True — command injection vector
scripts/docx_to_pdf.py · prose · downgraded · subprocess.run(cmd, shell=True
Python directory traversal
SKILL.md · code · os.listdir(
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 2 system binaries. (1 elevated: pip).
package_installfile_readprocess_execfile_writedir_traversal Thanks — recorded.