Skill v1.0.0

ClawScan security

Markdown Anything · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 18, 2026, 11:36 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (uploading user files to markdownanything.com using an API token) matches its description, but there are small inconsistencies (undeclared required binaries, unknown source) that warrant caution before installing.
Guidance
This skill appears to be what it says: it uploads the file you provide to markdownanything.com and returns Markdown. Before installing or using it: (1) understand that any file you convert will be transmitted to https://markdownanything.com — do not upload sensitive data unless you trust the service and have read its privacy policy; (2) provide only a token from the official Markdown Anything workspace (MDA_API_TOKEN) and avoid reusing high-privilege secrets; (3) ensure curl and python3 are available in the execution environment (the scripts require them, but the registry metadata does not declare them); (4) verify the homepage and token retrieval flow (source is listed as unknown, which lowers confidence); (5) if you need stronger assurance, run the scripts in an isolated environment (or inspect and run them manually) and confirm network egress rules; and (6) prefer tokens with limited scope/rotation and monitor usage/credit balance after first use.

Review Dimensions

Purpose & Capability
note: The skill claims to convert many file types via the Markdown Anything API and only requires MDA_API_TOKEN — that aligns with the stated purpose. However, the bundled scripts invoke curl and python3 but the registry metadata lists no required binaries; the missing declaration is an inconsistency the user should be aware of.
Instruction Scope
note: SKILL.md and the scripts stay on-purpose: they send the provided file to https://markdownanything.com/api/v1/convert and return the Markdown result. This does mean user files are transmitted to a third-party endpoint (explicitly documented). No other local files or unrelated environment variables are accessed.
Install Mechanism
ok: There is no install spec (instruction-only plus two small scripts). Nothing is downloaded or written to disk by an installer, so installation risk is low.
Credentials
ok: Only MDA_API_TOKEN is required (primary credential) and the optional flags are narrowly scoped to conversion behavior. The requested environment variables are proportional to the skill's purpose.
Persistence & Privilege
ok: The skill does not request permanent presence (always is false), does not modify other skills or system settings, and does not store secrets. Autonomous invocation is allowed (platform default) but not unusually privileged here.