← 返回 Skills 市场
huaruoji

md2pdf-xelatex

作者 Yuno Wang · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
732
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install md2pdf-xelatex
功能描述
Convert Markdown files to PDF with full LaTeX math formula rendering and CJK (Chinese/Japanese/Korean) support. Use when the user asks to convert markdown to...
安全使用建议
This skill appears to do what it says: convert Markdown to PDF with math and CJK support, using a bundled, readable shell script. Before installing or running it: 1) Ensure the host has the required system packages (pandoc, texlive-xetex and related texlive fonts, fontconfig providing fc-list, and poppler-utils/pdfinfo) — SKILL.md lists apt packages but the registry metadata omitted required binaries. 2) Because the registry source/homepage is missing, review the included script (scripts/md2pdf.sh) yourself (it is included) and optionally run it on non-sensitive sample files first. 3) Expect the script to probe local fonts (fc-list) and create temporary files in a temp dir that it deletes on exit. 4) If you need stricter safety, run inside a sandbox or VM with limited network and filesystem access. If these checks are acceptable, the skill is coherent and low risk to use.
功能分析
Type: OpenClaw Skill Name: md2pdf-xelatex Version: 1.0.0 The skill bundle is designed for a legitimate purpose (Markdown to PDF conversion). However, the `scripts/md2pdf.sh` script is vulnerable to LaTeX injection. User-controlled arguments, specifically `--toc-title`, are directly incorporated into the LaTeX header via `pandoc -V "toc-title=$TOC_TITLE"`. A malicious user could inject arbitrary LaTeX commands, potentially leading to arbitrary file reads or even remote code execution if the underlying XeLaTeX engine has `\write18` enabled. This constitutes a significant vulnerability, classifying the skill as suspicious rather than benign, despite the lack of clear malicious intent within the script itself.
能力评估
Purpose & Capability
The skill's name, description, SKILL.md, and included script all align: they implement Markdown→PDF conversion with XeLaTeX and CJK support. However, the registry metadata lists no required binaries or env vars while SKILL.md and scripts explicitly require pandoc, xelatex (texlive-xetex), fc-list (fontconfig), and pdfinfo (poppler-utils). This mismatch is an informational inconsistency that the user should be aware of.
Instruction Scope
SKILL.md and scripts operate on the provided input file, sanitize emoji/quotes, detect CJK via Unicode ranges, probe local fonts (fc-list), write a temporary header.tex, invoke pandoc/xelatex to produce a PDF, and remove temp files. The instructions do not read unrelated system files, contact external endpoints, or request additional credentials.
Install Mechanism
There is no install spec (instruction-only) and the script is included in the package. Nothing is downloaded or executed from external URLs. The script relies on system packages being installed via the platform package manager, which is a low-risk approach.
Credentials
The skill requests no environment variables or credentials. The tools it uses (pandoc, xelatex, fc-list, pdfinfo) are consistent with the stated purpose. No secrets are requested or referenced.
Persistence & Privilege
The skill does not request persistent or elevated privileges and always:false. It does not modify other skills or global agent settings; it only creates and cleans a temporary working directory for each run.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install md2pdf-xelatex
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /md2pdf-xelatex 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Pandoc+XeLaTeX, native LaTeX math rendering, CJK auto-detect, emoji sanitization, auto TOC generation
元数据
Slug md2pdf-xelatex
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

md2pdf-xelatex 是什么?

Convert Markdown files to PDF with full LaTeX math formula rendering and CJK (Chinese/Japanese/Korean) support. Use when the user asks to convert markdown to... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 732 次。

如何安装 md2pdf-xelatex?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install md2pdf-xelatex」即可一键安装,无需额外配置。

md2pdf-xelatex 是免费的吗?

是的,md2pdf-xelatex 完全免费(开源免费),可自由下载、安装和使用。

md2pdf-xelatex 支持哪些平台?

md2pdf-xelatex 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 md2pdf-xelatex?

由 Yuno Wang(@huaruoji)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论