batch-convert@ 1.0
github.com/claude-office-skills/skills
Scanned Thu, 28 May 2026 17:06:50 GMT
Scan ID crawl-s7ps4peicjgaf9hzcmumhxnz · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution
8 medium findings.
This skill spawns subprocesses outside its declared capabilities plus 7 other issues listed below.
0 critical0 high8 medium4 rules passed
Why grade C?
score · 55 / 100The current grade reflects 8 medium findings (6+ MEDs → C).
0 CRIT0 HIGH8 MED0 LOW
To reach a higher grade
- BReach Btarget score 75
Resolve 3 of 8 MED (cap is 5).
- AReach Atarget score 95
Resolve 6 of 8 MED (cap is 2).
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Findings · ordered by severity
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
167# Markdown conversions (using Pandoc)
168def _md_to_docx(self, input_path, output_path):
169 subprocess.run(['pandoc', str(input_path), '-o', str(output_path)], check=True)← spawns a subprocess outside declared capabilities
170 return output_path
171
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
171
172def _md_to_pdf(self, input_path, output_path):
173 subprocess.run(['pandoc', str(input_path), '-o', str(output_path)], check=True)← spawns a subprocess outside declared capabilities
174 return output_path
175
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
175
176def _md_to_html(self, input_path, output_path):
177 subprocess.run(['pandoc', str(input_path), '-s', '-o', str(output_path)], check=True)← spawns a subprocess outside declared capabilities
178 return output_path
179
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
179
180def _md_to_pptx(self, input_path, output_path):
181 subprocess.run(['marp', str(input_path), '-o', str(output_path)], check=True)← spawns a subprocess outside declared capabilities
182 return output_path
183
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
225# Office to PDF (using LibreOffice)
226def _docx_to_pdf(self, input_path, output_path):
227 subprocess.run([← spawns a subprocess outside declared capabilities
228 'soffice', '--headless', '--convert-to', 'pdf',
229 '--outdir', str(output_path.parent), str(input_path)
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
232
233def _xlsx_to_pdf(self, input_path, output_path):
234 subprocess.run([← spawns a subprocess outside declared capabilities
235 'soffice', '--headless', '--convert-to', 'pdf',
236 '--outdir', str(output_path.parent), str(input_path)
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
239
240def _pptx_to_pdf(self, input_path, output_path):
241 subprocess.run([← spawns a subprocess outside declared capabilities
242 'soffice', '--headless', '--convert-to', 'pdf',
243 '--outdir', str(output_path.parent), str(input_path)
medArbitrary subprocess execution detectedThe skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.▾
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
398 try:
399 # Use LibreOffice for legacy formats
400 subprocess.run([← spawns a subprocess outside declared capabilities
401 'soffice', '--headless',
402 '--convert-to', target_format,
skillox.io/r/crawl-s7ps4peicjgaf9hzcmumhxnz