← Back to Skills Marketplace
huaruoji

md2pdf-xelatex

by Yuno Wang · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
732
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install md2pdf-xelatex
Description
Convert Markdown files to PDF with full LaTeX math formula rendering and CJK (Chinese/Japanese/Korean) support. Use when the user asks to convert markdown to...
Usage Guidance
This skill appears to do what it says: convert Markdown to PDF with math and CJK support, using a bundled, readable shell script. Before installing or running it: 1) Ensure the host has the required system packages (pandoc, texlive-xetex and related texlive fonts, fontconfig providing fc-list, and poppler-utils/pdfinfo) — SKILL.md lists apt packages but the registry metadata omitted required binaries. 2) Because the registry source/homepage is missing, review the included script (scripts/md2pdf.sh) yourself (it is included) and optionally run it on non-sensitive sample files first. 3) Expect the script to probe local fonts (fc-list) and create temporary files in a temp dir that it deletes on exit. 4) If you need stricter safety, run inside a sandbox or VM with limited network and filesystem access. If these checks are acceptable, the skill is coherent and low risk to use.
Capability Analysis
Type: OpenClaw Skill Name: md2pdf-xelatex Version: 1.0.0 The skill bundle is designed for a legitimate purpose (Markdown to PDF conversion). However, the `scripts/md2pdf.sh` script is vulnerable to LaTeX injection. User-controlled arguments, specifically `--toc-title`, are directly incorporated into the LaTeX header via `pandoc -V "toc-title=$TOC_TITLE"`. A malicious user could inject arbitrary LaTeX commands, potentially leading to arbitrary file reads or even remote code execution if the underlying XeLaTeX engine has `\write18` enabled. This constitutes a significant vulnerability, classifying the skill as suspicious rather than benign, despite the lack of clear malicious intent within the script itself.
Capability Assessment
Purpose & Capability
The skill's name, description, SKILL.md, and included script all align: they implement Markdown→PDF conversion with XeLaTeX and CJK support. However, the registry metadata lists no required binaries or env vars while SKILL.md and scripts explicitly require pandoc, xelatex (texlive-xetex), fc-list (fontconfig), and pdfinfo (poppler-utils). This mismatch is an informational inconsistency that the user should be aware of.
Instruction Scope
SKILL.md and scripts operate on the provided input file, sanitize emoji/quotes, detect CJK via Unicode ranges, probe local fonts (fc-list), write a temporary header.tex, invoke pandoc/xelatex to produce a PDF, and remove temp files. The instructions do not read unrelated system files, contact external endpoints, or request additional credentials.
Install Mechanism
There is no install spec (instruction-only) and the script is included in the package. Nothing is downloaded or executed from external URLs. The script relies on system packages being installed via the platform package manager, which is a low-risk approach.
Credentials
The skill requests no environment variables or credentials. The tools it uses (pandoc, xelatex, fc-list, pdfinfo) are consistent with the stated purpose. No secrets are requested or referenced.
Persistence & Privilege
The skill does not request persistent or elevated privileges and always:false. It does not modify other skills or global agent settings; it only creates and cleans a temporary working directory for each run.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install md2pdf-xelatex
  3. After installation, invoke the skill by name or use /md2pdf-xelatex
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Pandoc+XeLaTeX, native LaTeX math rendering, CJK auto-detect, emoji sanitization, auto TOC generation
Metadata
Slug md2pdf-xelatex
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is md2pdf-xelatex?

Convert Markdown files to PDF with full LaTeX math formula rendering and CJK (Chinese/Japanese/Korean) support. Use when the user asks to convert markdown to... It is an AI Agent Skill for Claude Code / OpenClaw, with 732 downloads so far.

How do I install md2pdf-xelatex?

Run "/install md2pdf-xelatex" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is md2pdf-xelatex free?

Yes, md2pdf-xelatex is completely free (open-source). You can download, install and use it at no cost.

Which platforms does md2pdf-xelatex support?

md2pdf-xelatex is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created md2pdf-xelatex?

It is built and maintained by Yuno Wang (@huaruoji); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments