local hacker news index page, markdown news frontend
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward local Markdown-to-HTML converter, with the main cautions being local file overwrite risk and trusting the Markdown content used to generate the page.
This skill appears safe for its intended use: converting a local Hacker News-style Markdown snapshot into an HTML page. Before installing or running it, make sure you trust the Markdown input and choose an output path that will not overwrite something important.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the output path points to an important existing file, the skill can overwrite it.
The tool reads the selected input path and writes the selected output path. This is expected for a local converter, but the write mode will create or replace the target HTML file.
with open(args.input, 'r', encoding='utf-8') as f: ... with open(output_path, 'w', encoding='utf-8') as f:
Use an intentional input file and choose a safe output path; avoid pointing `-o` at important existing files.
Opening or sharing HTML generated from untrusted Markdown could expose viewers to misleading links or injected page content.
The script HTML-escapes titles, sources, and URLs, but it does not validate URL schemes and inserts the parsed author field into HTML without escaping. For trusted Hacker News-style snapshots this is likely limited, but crafted Markdown could produce unsafe links or injected HTML in the generated page.
url = e(item['url']) ... href="{url}" ... meta_parts.append(f'<span class="author">@{item["author"]}</span>')Use trusted Markdown snapshots, review generated pages before sharing, and consider escaping the author field and restricting links to safe schemes such as http/https.