markdown.new
AdvisoryAudited by VirusTotal on Mar 21, 2026.
Overview
Type: OpenClaw Skill Name: markdown-new-skill Version: 1.0.0 The skill provides instructions for the agent to convert web pages into Markdown using the third-party service `markdown.new` via `curl`. The behavior described in `SKILL.md` is transparent, aligns with the stated purpose of the skill, and does not contain evidence of malicious intent, obfuscation, or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may use curl to contact markdown.new for the URL being read or summarized.
The skill directs the agent to use a local terminal network command. This is central to the stated purpose and appears read-only, but users should know it can cause outbound requests from their environment.
Prefer local access with `curl` (or any suitable alternative tools): ```sh curl -L --fail --silent --show-error "https://markdown.new/<target_url>" ```
Use it for ordinary public pages; ask the agent to use a different method if you do not want local terminal network access.
The external conversion service can learn the URL being fetched and may access the page content if it is reachable.
The skill routes target URLs through the external markdown.new service. This is disclosed and purpose-aligned, but the artifacts do not add privacy guidance for sensitive, private, signed, or token-bearing URLs.
Use `markdown.new` as the default path to access URL content as structured Markdown.
Avoid using this skill with private links, signed URLs, URLs containing tokens, or confidential pages unless you are comfortable sending them to markdown.new.