v1.0.0

Markdown Browser

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:00 AM.

Analysis

The wrapper code matches its stated purpose, but its npm dependency lockfile points installation at non-HTTPS third-party mirrors, so users should review the install path before using it.

Guidance: Before installing, review or regenerate the npm lockfile so every dependency resolves to a trusted HTTPS registry. The wrapper logic itself appears aligned with its web_fetch post-processing purpose, but make sure your workflow honors policy_action before using returned page content.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
package-lock.json
"resolved": "http://mirrors.tencentyun.com/npm/turndown/-/turndown-7.2.2.tgz"

The lockfile directs dependency retrieval to a non-HTTPS third-party mirror. Because the skill documentation tells users to run npm install, this creates an install provenance and transport-security concern. The integrity hashes will reject a tarball that differs from what was locked, but they only attest to whatever the mirror served when the lockfile was generated, and plaintext HTTP still exposes every download request to observation on the path.

User impact: Installing the skill may fetch package code from a third-party HTTP mirror rather than the official HTTPS npm registry, since npm install and npm ci download from the resolved URLs recorded in the lockfile.
Recommendation: Regenerate the lockfile against an HTTPS registry such as https://registry.npmjs.org (with the npm registry setting pointed at that URL), keep exact locked versions and integrity hashes, and declare Node/npm installation requirements clearly.
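The review step above can be scripted. The following is an added example, not the skill's or ClawScan's own code: it walks a package-lock.json (v2/v3 "packages" layout or v1 nested "dependencies") and reports every entry whose resolved URL is not HTTPS, is not on the expected registry, or has no integrity hash. The trusted registry, the sample lockfile and the placeholder hashes are assumptions constructed for the demonstration; only the turndown URL is the one quoted in the finding.

```javascript
// Added example (not the skill's or ClawScan's code): audit a
// package-lock.json for entries whose "resolved" URL is not served over
// HTTPS from the expected registry, or that carry no "integrity" hash.
// Lockfile v2/v3 lists entries under "packages"; v1 nests them under
// "dependencies"; both layouts are handled.
const TRUSTED_REGISTRY = "https://registry.npmjs.org/"; // assumed trust root

function collectEntries(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      out.push({ name: path.replace(/^.*node_modules\//, ""), ...entry });
    }
    return out;
  }
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      out.push({ name, ...entry });
      walk(entry.dependencies); // v1 nests transitive deps
    }
  };
  walk(lock.dependencies);
  return out;
}

function auditLockfile(lock, trusted = TRUSTED_REGISTRY) {
  const trustedOrigin = new URL(trusted).origin;
  const problems = [];
  for (const e of collectEntries(lock)) {
    if (e.link || e.inBundle) continue; // workspace links and bundled deps have no download
    if (!e.resolved) {
      problems.push({ name: e.name, issue: "no resolved URL recorded" });
      continue;
    }
    let u;
    try {
      u = new URL(e.resolved);
    } catch {
      problems.push({ name: e.name, issue: "unparseable resolved URL", resolved: e.resolved });
      continue;
    }
    if (u.protocol !== "https:") {
      problems.push({ name: e.name, issue: `plaintext transport (${u.protocol})`, resolved: e.resolved });
    }
    if (u.origin !== trustedOrigin) {
      problems.push({ name: e.name, issue: `unexpected host ${u.host}`, resolved: e.resolved });
    }
    if (!e.integrity) {
      problems.push({ name: e.name, issue: "missing integrity hash", resolved: e.resolved });
    }
  }
  return problems;
}

// Constructed sample in lockfile v3 layout. Only the turndown URL is the
// one quoted in the finding; the second entry and both hashes are placeholders.
const SAMPLE_LOCK = {
  name: "markdown-browser",
  lockfileVersion: 3,
  packages: {
    "": { name: "markdown-browser", dependencies: { turndown: "^7.2.2" } },
    "node_modules/turndown": {
      version: "7.2.2",
      resolved: "http://mirrors.tencentyun.com/npm/turndown/-/turndown-7.2.2.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/@mixmark-io/domino": {
      version: "2.2.0",
      resolved: "https://registry.npmjs.org/@mixmark-io/domino/-/domino-2.2.0.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
  },
};

for (const p of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${p.name}: ${p.issue}${p.resolved ? " <" + p.resolved + ">" : ""}`);
}
```

Run against the sample, the turndown entry is reported twice (plaintext transport and unexpected host) and the registry-hosted entry passes. To use it on a real lockfile, replace SAMPLE_LOCK with the parsed contents of the skill's package-lock.json; a non-empty result is the signal to regenerate the lockfile before running npm install.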
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
npm install --omit=dev
...
node browser.js \
  --input /tmp/web_fetch.json

The skill is not purely instructional in use; it expects local package installation and execution of browser.js. This is purpose-aligned for the markdown conversion wrapper but should be understood before installation.

User impact: Using the CLI runs local JavaScript with access to the input file supplied to --input or stdin.
Recommendation: Run it only from the intended skill directory after reviewing the dependency lockfile and browser.js.
Human-Agent Trust Exploitation
Severity: Low | Confidence: Medium | Status: Note
README.md
**🛡️ Policy Enforcement**: Automatically parses `Content-Signal` headers. If a site says `ai-train=no`, we flag it immediately.

The wording may sound like automatic enforcement, but the documented behavior is to produce a policy flag for downstream logic. Users should not assume blocked or review-needed content is suppressed automatically.

User impact: A workflow that ignores policy_action could still pass fetched page content onward even when the signal indicates review or blocking.
Recommendation: Ensure any agent workflow checks policy_action before using the returned content, or update the wrapper to omit content when policy_action is block_input.
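The distinction this finding draws, flagging versus enforcing, is easiest to see in code. The following added example is not the wrapper's own code: it parses a Content-Signal response header into a policy flag (the stage the README describes) and then gates the content on that flag (the stage the workflow must add). The header grammar follows the comma-separated "signal=yes|no" form; the mapping to policy_action values is an assumption, with block_input taken from the finding and the review and allow values invented here, as are the sample fetches.

```javascript
// Added example (not the wrapper's own code): turn a Content-Signal
// response header into a policy flag, then enforce that flag before any
// page content is handed onward. The mapping to policy_action values is
// an assumption: "block_input" comes from the finding, "review" and
// "allow" are invented for this example.
const KNOWN_SIGNALS = new Set(["search", "ai-input", "ai-train"]);

function parseContentSignal(header) {
  const signals = {};
  if (!header) return signals;
  for (const part of header.split(",")) {
    const m = part.trim().match(/^([a-z-]+)\s*=\s*(yes|no)$/i);
    if (!m) continue; // malformed tokens are ignored, not treated as consent
    const name = m[1].toLowerCase();
    if (KNOWN_SIGNALS.has(name)) signals[name] = m[2].toLowerCase() === "yes";
  }
  return signals;
}

// Flagging stage: what the README describes. Nothing is suppressed here.
function policyAction(signals) {
  if (signals["ai-input"] === false) return "block_input";
  if (signals["ai-train"] === false) return "review";
  return "allow";
}

// Assumed shape of a web_fetch post-processing result: content plus the flag.
function processFetch(fetched) {
  const signals = parseContentSignal(fetched.headers["content-signal"]);
  return { url: fetched.url, signals, policy_action: policyAction(signals), content: fetched.body };
}

// Enforcement stage: the step the workflow must add. block_input drops the
// content entirely; review keeps it but marks it for a human decision.
function gate(result) {
  switch (result.policy_action) {
    case "block_input":
      return { ...result, content: null, needs_review: false };
    case "review":
      return { ...result, needs_review: true };
    default:
      return { ...result, needs_review: false };
  }
}

// Constructed sample fetches, not captured from real sites.
const SAMPLE_FETCHES = [
  { url: "https://a.example/", headers: { "content-signal": "search=yes, ai-input=no, ai-train=no" }, body: "page A" },
  { url: "https://b.example/", headers: { "content-signal": "ai-train=no" }, body: "page B" },
  { url: "https://c.example/", headers: {}, body: "page C" },
];

function runPipeline(fetches) {
  return fetches.map((f) => gate(processFetch(f)));
}

for (const r of runPipeline(SAMPLE_FETCHES)) {
  const shown = r.content === null ? "<dropped>" : JSON.stringify(r.content);
  console.log(`${r.url} ${r.policy_action} content=${shown} review=${r.needs_review}`);
}
```

Without the gate step, processFetch alone returns the body of the first sample page alongside a block_input flag, which is exactly the state the finding warns about: a caller that reads content and never looks at policy_action passes blocked material onward.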