Markdown Formatter
v1.0.0
Format and beautify markdown documents with configurable styles. Preserve structure, fix formatting, ensure consistency.
⭐ 7 · 12.1k · 55 current · 56 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, README and the code all describe a markdown formatter/linter that accepts markdown text or file paths and returns formatted text. The functions formatMarkdown, formatBatch and lintMarkdown match the declared purpose and there are no extra services, credentials or unrelated dependencies requested.
Instruction Scope
SKILL.md instructs the agent to read and format files (formatBatch accepts file paths). The code reads files via fs.readFileSync (expected for a batch file formatter). However SKILL.md does not constrain which paths may be passed, so the skill — if invoked with arbitrary paths — can read any file the agent process has permission to read. Also the SKILL.md does not limit network activity (there is none in the code), nor does it request additional environment/context.
Install Mechanism
There is no install spec; this is instruction-plus-local-code only. Nothing is downloaded from remote URLs during install, and no install-time actions are specified in the bundle.
Credentials
The skill declares no required environment variables, no credentials and no config paths. The code only uses core node modules (fs, path) and local config.json — this is proportionate for a local formatter.
Persistence & Privilege
always is false and the skill is user-invocable; it does not ask to be always-enabled. The default ability for the agent to invoke the skill autonomously is unchanged (disable-model-invocation: false) — this is the platform default and not, by itself, a red flag. Be aware that autonomous invocation + functions that read filesystem paths can be used to access local files if the agent decides to call the skill with sensitive paths.
Assessment
This skill appears to be what it claims (a markdown formatter) and does not request credentials or external network access, but the shipped code contains numerous programming errors and questionable regex/logic that could cause crashes or incorrect formatting. Before installing or running it:
- Review and fix the code locally (notably STYLE_GUIDES object syntax errors, undefined variables like opts in fixListMarkers, malformed regexes and replacement logic). The package as-is may fail at runtime.
- Run the included test.js in a sandbox/container to observe behavior.
- Do not pass sensitive system file paths to formatBatch unless you trust the skill; it will read any file the process has permission to read. Consider limiting file paths or running formatting only on files you explicitly supply.
- Because the repository/source is unknown, prefer running it in an isolated environment and consider obtaining the package from a trusted upstream repository (or replacing it with a well-known formatter like Prettier or remark) if you need production use.
Confidence is medium: intent is clear and coherent, but code quality issues reduce confidence that the implementation is safe to run without review.
Like a lobster shell, security has layers — review code before you run it.
latest vk97cpv4excsk2j6ct03qcp188h80gybn
