Skill v1.0.0
ClawScan security
File to Markdown Converter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 24, 2026, 5:26 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent — it documents a simple HTTP-based file→Markdown proxy (markdown.new) and asks for no credentials or installs — but it will send local or private files to an external service, so exercise privacy caution.
- Guidance: This skill appears to do what it claims (convert files to Markdown via https://markdown.new) and requests no credentials or installs. Primary risk is privacy: uploads or pasted URLs will be sent to a third-party endpoint. Before installing or enabling the skill, consider: (1) Do not send sensitive or confidential files to this service — test with non-sensitive examples first. (2) If you need stronger privacy/compliance, run a local conversion tool or host your own worker. (3) If your agent runs autonomously, restrict its ability to read or upload sensitive files or add a policy requiring user confirmation before uploads. (4) Because the skill source and homepage are unknown, prefer caution and validate the service’s terms/privacy externally if you plan to process sensitive data.
Review Dimensions
- Purpose & Capability (ok): Name/description match the instructions: all examples and endpoints call a single external service (https://markdown.new) to convert files to Markdown. No unrelated binaries or credentials are requested.
- Instruction Scope (note): SKILL.md stays on-purpose (fetch URL-to-Markdown, or upload local files via POST /convert). It explicitly instructs agents to upload local files and to scrape webpage URLs — behavior that is necessary for the described functionality but has privacy implications because file contents are transmitted to an external endpoint.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. Low install risk.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The lack of credentials is coherent with the documented 'no authentication' API usage.
- Persistence & Privilege (note): The skill does not force always-on inclusion. Default autonomous invocation is allowed (platform default). Because the skill instructs agents to POST local files to an external domain, autonomous use could result in automatic exfiltration of files if the agent has file access — this is a privacy/operational risk to consider (not a direct technical incoherence).
