Back to skill
Skillv3.1.0
ClawScan security
Markdown Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 19, 2026, 5:57 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Markdown utility whose requested actions (running small Python/shell snippets that read and transform Markdown files) match its description and do not request unexplained credentials or installs.
- Guidance
- This is an instruction-only collection of small shell/Python snippets for editing and validating Markdown. It does not request secrets or install software itself. Before running: (1) review the snippets (they're short and readable) to ensure you understand what file paths you'll supply, (2) avoid passing sensitive system files as inputs, (3) ensure python3 and any optional packages you need (e.g., PyYAML for frontmatter checks) are available, and (4) be aware the pandoc example will fetch an external CSS if you use it. If you need stricter isolation, run the scripts in a sandbox or container.
Review Dimensions
- Purpose & Capability
- okName/description (TOC, conversion, fixer, merger, YAML validator, orphan-link finder) aligns with the provided scripts. All required actions (reading Markdown files, producing HTML or reports) are consistent with the stated purpose.
- Instruction Scope
- noteAll runtime instructions are inline scripts that read files provided as arguments (or default filenames). They do not exfiltrate data or call external endpoints (except optional use of pandoc and an external CSS URL in a suggested pandoc command). Note: the scripts will run on the agent host and thus can read any file path you give them — that is expected for a file-processing toolkit but you should avoid pointing them at sensitive files.
- Install Mechanism
- okNo install spec or bundled code. Instruction-only skill — nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. The scripts import Python modules (e.g., yaml) which may need to be present in the runtime, but requiring those packages is reasonable for the YAML validator functionality.
- Persistence & Privilege
- okNo 'always: true' flag and no attempts to modify other skills or system settings. Agent autonomous invocation is allowed (default) but not combined with any other concerning privilege or credential access.