Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Baoyu Format Markdown
v1.103.1
Formats plain text or markdown files with frontmatter, titles, summaries, headings, bold, lists, and code blocks. Use when user asks to "format markdown", "b...
⭐ 0 · 1.1k · 49 current · 51 all-time
by Jim Liu 宝玉 (@jimliu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with code and instructions: the repository contains a Markdown formatting CLI (scripts/main.ts), quote replacement, and an autocorrect helper. Declared required binaries (bun or npx) match how the SKILL.md instructs the agent to run the scripts.
Instruction Scope
SKILL.md stays within the formatter's scope: it reads the user-specified file, optionally consults EXTEND.md configuration from project/user config paths, asks the user whether to optimize/copy/modify, runs analysis steps, then executes local scripts for typography fixes. The only extra scope is reading EXTEND.md from $HOME and $XDG_CONFIG_HOME (expected for preferences). The skill will also write formatted output (either to a -formatted copy or in-place) as described.
Install Mechanism
There is no install spec; runtime execution relies on bun or npx. The scripts call npx (e.g., 'npx -y bun scripts/main.ts' and spawnSync('npx', ['autocorrect-node', ...])) which will fetch and execute packages from the npm registry on demand. Some dependencies are in package.json and lockfiles, but the autocorrect invocation uses 'autocorrect-node' via npx and that package is not listed in the included package.json, so it may be downloaded and executed unpinned at runtime. This live fetching/execution increases risk compared to a fully vendored or pinned install.
Credentials
The skill requests no environment variables or credentials. It does read configuration files from expected locations (.baoyu-skills in project, $HOME/.baoyu-skills, or XDG config) which is reasonable for per-user preferences. It only accesses files the user asks it to format and those standard config paths.
Persistence & Privilege
The 'always' flag is false and the skill does not request persistent elevated privileges. It can modify files (either overwriting the original for 'typography only' or writing a -formatted copy), which is expected behavior for a formatter but worth noting so users can back up originals.
What to consider before installing
This skill appears to do what it says: format Markdown and run small local scripts. Before installing or running it, note two practical risks: (1) it uses npx at runtime to run bun and to invoke 'autocorrect-node', which may download and execute third-party code from the npm registry that isn't listed or pinned in the package.json; review the upstream 'autocorrect-node' package if you care about provenance; (2) it can overwrite the original file (an option), so keep backups or use the 'copy' option. To reduce risk, run the scripts in a controlled environment (container or VM), preinstall and audit dependencies locally (or run npm install using the provided lockfile), and inspect the remote packages the skill would fetch. If you don't want on-the-fly network installs, either do not allow the skill to run npx, or pre-install bun and all dependencies yourself.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/autocorrect.ts:6: Shell command execution detected (child_process).
latest: vk97fxpe6817enjezejsp8wzn0984rdqp
Runtime requirements
Any bin: bun, npx
