md-to-office@ 1.0

github.com/claude-office-skills/skills

Verdict: Proceed with caution

0 critical0 high8 medium

SCORE 55 / 100

$skillox install md-to-officeSoon

Why grade C?

score · 55 / 100

The current grade reflects 8 medium findings (6+ MEDs → C).

0 CRIT0 HIGH8 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 3 of 8 MED (cap is 5).
A
Reach Atarget score 95
Resolve 6 of 8 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-ykcqu5xgpsg57ezakdheith6 · Thu, 28 May 2026 17:05:06 GMT · 11ms

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 250CWE-78

▾

248 cmd.extend(['--reference-doc', template])

249

250 subprocess.run(cmd, check=True)← spawns a subprocess outside declared capabilities

251 return output_path

252

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 263CWE-78

▾

261 cmd.extend(['-V', f"geometry:margin={options['margin']}"])

262

263 subprocess.run(cmd, check=True)← spawns a subprocess outside declared capabilities

264 return output_path

265

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 273CWE-78

▾

271 cmd.extend(['--reference-doc', template])

272

273 subprocess.run(cmd, check=True)← spawns a subprocess outside declared capabilities

274 return output_path

275```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 320CWE-78

▾

318 for md_file in input_path.glob('*.md'):

319 output_file = output_path / md_file.with_suffix(f'.{output_format}').name

320 subprocess.run([← spawns a subprocess outside declared capabilities

321 'pandoc', str(md_file), '-o', str(output_file)

322 ], check=True)

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 352CWE-78

▾

350 cmd.extend(['--reference-doc', template])

351

352 subprocess.run(cmd, check=True)← spawns a subprocess outside declared capabilities

353 os.remove('temp_report.md')

354```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 425CWE-78

▾

423

424# Convert to Word

425subprocess.run([← spawns a subprocess outside declared capabilities

426 'pandoc', 'api_docs.md',

427 '-o', 'api_documentation.docx',

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 433CWE-78

▾

431

432# Convert to PDF

433subprocess.run([← spawns a subprocess outside declared capabilities

434 'pandoc', 'api_docs.md',

435 '-o', 'api_documentation.pdf',

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 512CWE-78

▾

510 f.write(slides_md)

511

512subprocess.run([← spawns a subprocess outside declared capabilities

513 'pandoc', 'presentation.md',

514 '-o', 'q4_review.pptx',

View latest scan →

skillox.io/c/md-to-office

Skill facts

Latest grade: C · 55
Total scans: 1
Latest version: 1.0
Last scanned: 2026-05-28
Source: claude-office-skills/skills

AIBOM

What this skill accesses

Manifest dishonest

Declared (from capabilities)

filesystemunspecified
networkunspecified
subprocessunspecified
0markdown_conversion
1document_generation

Observed (from scan findings)

Subprocess invocations

subprocess.run([
subprocess.run(cmd, check=True)

AIBOM (Application Skills Bill of Materials) — see /docs/concepts/aibom for the format.

Version history

Only this scan

No other scans on record for this skill name. New scans appear here as the catalog re-crawls or creators request a re-scan.

Embed badge

Show this grade in your README.

Tracks the latest grade automatically. Updates within five minutes of every re-scan.

Markdown

[![SkillOx grade](https://api.skillox.io/badge/md-to-office.svg)](https://skillox.io/c/md-to-office)

Markdown · score

[![SkillOx score](https://api.skillox.io/badge/score/md-to-office.svg)](https://skillox.io/c/md-to-office)

HTML

<a href="https://skillox.io/c/md-to-office"><img src="https://api.skillox.io/badge/md-to-office.svg" alt="SkillOx grade"/></a>

reST

.. image:: https://api.skillox.io/badge/md-to-office.svg
   :target: https://skillox.io/c/md-to-office
   :alt: SkillOx grade

Coming soon

Creator verification badge, expert-review status, and Cosign-signed release attestation appear here as those layers ship. AIBOM + version history are live; the others follow once the creator portal completes its identity-proof + signing surface.