Markdown Toolkit
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Markdown helper skill with user-directed command snippets and no evidence of hidden credentials, persistence, exfiltration, or deceptive behavior.
This appears safe for normal Markdown maintenance. Before installing or using it, treat the snippets as commands to run deliberately: target only files you intend to change, review generated output, verify local dependencies, and do not rely on the simple HTML conversion/stripping examples as a security sanitizer for untrusted content.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could modify a Markdown file if the command is run against the wrong path.
This is a purpose-aligned Markdown cleanup command, but it edits the target file in place, so running it on the wrong file could unintentionally change user documents.
**Trailing whitespace:** `sed -i 's/[[:space:]]*$//' doc.md`
Run file-modifying snippets only on specific files you choose, keep backups or version control, and review diffs after automated formatting.
Some snippets may fail or use whatever local version of pandoc, Python, sed, or PyYAML is installed.
The instruction-only skill references local tools and Python modules, while the registry declares no required binaries or install spec. This is not suspicious by itself, but users should know the examples depend on their local environment.
pandoc input.md -o output.html --standalone ... import sys, yaml
Verify required tools are installed from trusted sources before running the examples, especially pandoc and PyYAML.