Markdown to HTML
Pass. Audited by ClawScan on May 1, 2026.
Overview
This is a coherent local Markdown-to-HTML converter, but generated HTML is not sanitized, so it should only be used with trusted Markdown.
Safe to install for converting your own Markdown files locally. Do not use it to convert untrusted Markdown into HTML for websites, newsletters, or email templates unless you first add sanitization or manually review the output.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the Markdown comes from an untrusted source, the generated HTML could contain unsafe HTML, script-like content, injected attributes, or unsafe links when opened or shared.
Markdown text, link text, URLs, and image attributes are inserted into the generated HTML without general HTML escaping or URL sanitization.
text = re.sub(r'\[([^\]]+)\]\(([^)]+)\)', r'<a href="\2">\1</a>', text)
...
html_lines.append(inline(stripped))
Use this skill only with trusted Markdown, or add HTML escaping/sanitization and URL filtering before publishing, emailing, or hosting the generated HTML.
