Expanso xml-to-json

Pass

Audited by ClawScan on May 1, 2026.

Overview

The artifacts match a simple XML-to-JSON converter; only the optional network server and external Expanso setup/deployment commands warrant normal review.

This skill appears coherent and purpose-aligned for converting XML to JSON. Before installing or running it, make sure you trust the Expanso tooling, verify any remote cloud-deploy URL you use, and restrict the optional server mode to localhost or a protected network if the XML content could be sensitive.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the MCP/server pipeline is started on a reachable network, other machines may be able to submit XML conversion requests to it.

Why it was flagged

The optional server mode binds to all network interfaces and exposes a POST endpoint; no authentication or local-only binding is shown.

Skill content

http:
  enabled: true
  address: "0.0.0.0:${PORT:-8080}"
...
http_server:
  path: /convert
  allowed_verbs: [POST]

Recommendation

Run the server only when needed, prefer binding to localhost for local use, and use firewall or authentication controls if exposing it on a network.

What this means

Running the setup or cloud deployment commands means trusting external Expanso packages or remote pipeline content.

Why it was flagged

The skill is instruction-only but relies on external Expanso tooling and an unpinned remote URL for cloud deployment; this is disclosed and purpose-aligned, but the external artifact may differ from the reviewed files.

Skill content

Install via: `clawhub install expanso-edge`
...
expanso-cli job deploy https://skills.expanso.io/xml-to-json/pipeline-cli.yaml

Recommendation

Verify the Expanso tools and, for cloud deployment, prefer deploying the reviewed local pipeline or confirm the remote URL contents before use.