Skill v1.1.0

ClawScan security

Markdown to HTML · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 6:34 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its purpose: a local, zero-dependency Python Markdown→HTML converter that requires no credentials or installs; no network or secret access is present, but the code does not sanitize Markdown-produced HTML and may produce unsafe output for untrusted input.
Guidance
This skill appears to be what it says: a small, local Python script that converts Markdown to styled HTML and writes an output file. Before using it in production or serving generated HTML to users, consider that the converter does not sanitize input: raw HTML present in Markdown, or crafted link/image URLs and alt text, will be included verbatim in output (the code escapes code-block contents but does not escape inline text/URLs). That can create XSS or unsafe email content if the Markdown is untrusted. If you plan to process untrusted Markdown, either sanitize the result (e.g., use an HTML sanitizer like bleach) or extend the tool to escape/validate URLs and inline text. Otherwise this skill is coherent and low-risk in terms of hidden network/credential behavior.

Review Dimensions

Purpose & Capability
ok: Name/description (convert Markdown to self-contained HTML) matches the provided runtime instructions and the included main.py implementation. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
note: SKILL.md usage examples and CLI options match main.py. However, neither the docs nor the tool warn that the converter preserves or emits raw HTML from input (the code does not sanitize or strip HTML), so using this on untrusted Markdown may produce unsafe output (XSS); this is a functional/security caveat rather than an incoherence.
Install Mechanism
ok: No install spec (instruction-only skill) and the code is provided inline. Nothing is downloaded or executed from external URLs; no install-related risks detected.
Credentials
ok: No environment variables, credentials, or config paths are requested. The skill does not access secrets or unrelated system configuration.
Persistence & Privilege
ok: The always flag is false and the skill does not request persistent/system-level privileges or modify other skills/config. Autonomous invocation is allowed (platform default) and is appropriate here.