Skill v1.0.0

ClawScan security

Markdown Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 4:22 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions are coherent with a Markdown-to-HTML converter and request no secrets or unusual system access; minor mismatches and an HTML-escaping omission are worth noting before use.
Guidance
This appears to be a straightforward Markdown-to-HTML converter and is internally consistent with that purpose, but review these before installing or using in production:

- Packaging/install: SKILL.md expects a CLI `markdown-tool` but there is no install spec. Decide how you'll expose the provided scripts (install them as executables, add a wrapper, or run the .py files directly).
- Feature claims vs. reality: The README claims “Full CommonMark”/GFM support; the scripts implement a subset. If you need full correctness or edge-case compatibility, prefer a well-maintained CommonMark/GFM library (e.g., python-markdown, CommonMark-py) or test thoroughly with representative inputs.
- HTML generation safety: The code escapes raw text in several places, but link hrefs and image src attributes are inserted without sanitizing or validating the URL. That can produce unsafe HTML if converting untrusted Markdown (e.g., javascript: URIs). If you will render output in a browser or expose converted HTML to others, sanitize or validate link/image URLs or use a library that handles safe URL schemes and attribute escaping.
- No network or secrets: The scripts do not perform network I/O or require credentials, which reduces risk. Still, run first in a controlled environment and inspect the scripts if you plan to process untrusted input.

If you want a higher-assurance drop-in, ask the author to: (1) provide an install spec or packaging so the CLI name matches the docs, (2) document the exact Markdown/GFM compatibility, and (3) add URL/attribute sanitization or recommend using a sanitizer when producing HTML from untrusted sources.

Review Dimensions

Purpose & Capability
note: The name/description match the included Python scripts that perform Markdown parsing and HTML conversion. However, SKILL.md claims “Full CommonMark spec support” and GFM extensions while the shipped scripts implement a relatively small custom subset of Markdown (basic headings, lists, code blocks, links, images, simple inline formatting). Also SKILL.md documents a CLI called `markdown-tool` while the repo provides scripts/markdown.py and scripts/md.py but no install spec or explicit CLI wrapper — this is a small inconsistency about packaging/installation, not a security failure.
Instruction Scope
ok: SKILL.md usage examples are limited to reading files or stdin and writing HTML/TOC output. The included scripts only read the input file or stdin and write output files or stdout; they do not access unrelated system paths, environment variables, or external endpoints. Instructions do not ask for additional data beyond the stated task.
Install Mechanism
note: There is no install spec (instruction-only), which is low risk. But the presence of executable Python scripts without an install step or packaging means the documented CLI name (`markdown-tool`) may not be available as-is; the user or integrator will need to arrange how those scripts are exposed as a CLI (e.g., symlink, wrapper, or packaging).
Credentials
ok: The skill declares no required environment variables, credentials, or config paths, and the code does not read environment variables or external credentials. The requested environment access is proportionate to the stated purpose.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide configuration. It runs as a user-level CLI-style script when invoked.