Markdown.new Skill
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user supplies a private, internal, or sensitive URL, that URL would be sent to a third-party service.
The script sends the requested URL and conversion options to the external markdown.new service. This is disclosed and central to the skill, but it means the provider receives the URL.
DEFAULT_API_URL = "https://markdown.new/" ... payload = {"url": args.url, "method": args.method, "retain_images": bool(args.retain_images)}Use this skill only with public URLs and avoid submitting private, authenticated, internal, or confidential links.
Converted pages could influence an agent or RAG pipeline if their text is treated as instructions instead of untrusted source material.
The skill prepares arbitrary public web page content for LLM and RAG workflows. Such content can contain misleading or adversarial instructions even after conversion to Markdown.
Use when tasks require URL-to-Markdown conversion for summarization, RAG ingestion, extraction, archiving...
Treat converted Markdown as untrusted quoted content, verify critical extractions, and avoid letting page text override user or system instructions.
Users have less registry-level assurance about where the helper script came from or what runtime requirement, such as Python, is expected.
The registry metadata does not provide source provenance or an install spec, while the skill includes and documents a Python helper script. The helper script is coherent with the purpose, but users should be aware of the provenance gap.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Code file presence: scripts/markdown_new_fetch.py
Review the included script before use and ensure Python 3 is available; prefer installing from a trusted source if available.