Markdown to HTML Converter
Pass
Audited by ClawScan on May 12, 2026.
Overview
This instruction-only skill appears to be a normal Markdown-to-HTML reference, with user-directed command and install examples but no hidden code, credentials, or persistence.
This looks safe to use for Markdown conversion. Before following examples, review any package installs, choose explicit input and output paths, and sanitize untrusted Markdown before rendering it in a browser or publishing the generated HTML.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Following the setup examples may install third-party tools into the local development environment.
The skill documents installing an external Markdown converter package. This is user-directed and purpose-aligned, but users should trust the package source and version before installing global tools.
1. Ensure marked is installed: `npm install -g marked`
Install only from trusted package managers, consider pinning versions for repeatable builds, and avoid running global installs unless needed.
If run with the wrong paths, conversion scripts could create or overwrite generated HTML files.
The reference includes a local Node.js script workflow for batch conversion. Running local scripts is expected for this converter skill, but it can read files from the chosen input directory and write output files.
Run with: `node convert-all.js`
Review scripts and paths before running them, use a project-specific directory, and keep backups or version control for source documents.
Publishing or previewing untrusted Markdown as HTML without sanitization could expose viewers to unsafe embedded HTML.
The artifacts correctly note that Markdown conversion may produce unsafe HTML unless sanitized. This is a normal risk for Markdown renderers, especially with untrusted input.
**Important:** gomarkdown does not sanitize HTML output. Use Bluemonday for untrusted input:
Sanitize untrusted Markdown output with a tool such as Bluemonday or DOMPurify, or disable raw HTML where possible before publishing.
