docling-cli

Warn

Audited by Socket on Mar 12, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The Docling CLI description aligns with a document conversion tool that supports OCR, table extraction, and ASR, operating on local files and producing structured outputs. However, the install path relies on an external installer command (uv tool install) with no verifiable provenance provided in the snippet. This introduces a supply-chain risk and potential execution of untrusted binaries. Data flows appear to be local by design, with outputs stored in a designated export directory; there is no explicit credential handling or network exfiltration shown. Overall, the skill is plausibly benign for its stated purpose, but the installation mechanism and unverifiable binary source elevate it to a suspicious risk level unless provenance is clarified and verifiable evidence (checksums, official registries, signatures) is provided.

Confidence: 98%
Severity: 72%
Audit Metadata
Analyzed At: Mar 12, 2026, 12:10 AM
Package URL: pkg:socket/skills-sh/mengbo%2Fmengbo-skills%2Fdocling-cli%2F@74688040fb206c60cb5b728037f085c56a606632