Skillv1.0.2

ClawScan security

Markdown Canvas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousMar 3, 2026, 6:12 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill is coherent with its stated purpose (converting .md to HTML) but the converter fails to sanitize or escape general markdown content (only code blocks are escaped), creating a clear XSS / unsafe-output risk — a sloppy but likely unintentional vulnerability.
Guidance: This skill does what it says (convert .md → .html) and only needs python3, but it has a security bug: the converter inserts most markdown output into the template without escaping or sanitizing it. That means a malicious or untrusted .md file could inject HTML (including <script> tags) or use javascript: links that execute when the output is opened or shared. Before installing or using on untrusted content: (1) avoid opening or publishing generated HTML from untrusted sources; (2) prefer or request that the author add proper escaping/sanitization (use a well-maintained Markdown library + an HTML sanitizer such as Python's markdown + bleach, or ensure process_inline_formatting applies escape_html before inserting text and validate/sanitize URLs); (3) review or test the script locally with representative inputs; (4) consider using established tooling that enforces safe defaults. If you only convert trusted personal notes, the risk is lower, but heed caution when sharing or running on external markdown.

Purpose & Capability: okName, description, SKILL.md, package.json, template, and the convert.py script all align: this is a simple local Markdown→HTML renderer that requires only python3. Required binaries/env/configs are proportionate.
Instruction Scope: concernSKILL.md limits runtime actions to running scripts/reading the template and optionally opening or pushing the generated file. However, convert.py does not escape or sanitize most user-provided markdown content (headers, paragraphs, links, inline formatting are injected directly into the template). Only code blocks are escaped. That can produce HTML containing raw tags or javascript: links and enable XSS or unexpected script execution when opening or sharing the output.
Install Mechanism: okInstruction-only skill with no install spec; only requires python3 on PATH. No downloads or archive extraction present.
Credentials: okNo environment variables, no credentials, and no config paths requested. The skill does not ask for unrelated secrets or system credentials.
Persistence & Privilege: okalways:false and no installation hooks are present. The skill does not request persistent/system-level privileges or modify other skills' configuration.