Markdown to HTML Converter
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Following the setup examples may install third-party tools into the local development environment.
The skill documents installing an external Markdown converter package. This is user-directed and purpose-aligned, but users should trust the package source and version before installing global tools.
1. Ensure marked is installed: `npm install -g marked`
Install only from trusted package managers, consider pinning versions for repeatable builds, and avoid running global installs unless needed.
If run with the wrong paths, conversion scripts could create or overwrite generated HTML files.
The reference includes a local Node.js script workflow for batch conversion. Running local scripts is expected for this converter skill, but it can read files from the chosen input directory and write output files.
Run with: `node convert-all.js`
Review scripts and paths before running them, use a project-specific directory, and keep backups or version control for source documents.
Publishing or previewing untrusted Markdown as HTML without sanitization could expose viewers to unsafe embedded HTML.
The artifacts correctly note that Markdown conversion may produce unsafe HTML unless sanitized. This is a normal risk for Markdown renderers, especially with untrusted input.
**Important:** gomarkdown does not sanitize HTML output. Use Bluemonday for untrusted input:
Sanitize untrusted Markdown output with a tool such as Bluemonday or DOMPurify, or disable raw HTML where possible before publishing.