Markdown Browser

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to match its stated purpose, with only normal user-directed npm/Node setup to process already-fetched pages.

This skill is suitable as a lightweight wrapper for existing web_fetch results. If you use the CLI path, be aware it installs an npm dependency and runs local JavaScript that reads the JSON file you supply. URL redaction applies to the returned source_url fields, not necessarily to sensitive information inside the fetched page content, so respect the policy_action before using the content downstream.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the CLI dependency means trusting the npm package source used for local post-processing.

Why it was flagged

The skill relies on an external npm package with a semver range, so installation may fetch a later compatible package version. This is expected for the HTML-to-Markdown fallback but is still a supply-chain surface users should notice.

Skill content

"dependencies":{"turndown":"^7.2.2"}

Recommendation

Install from a trusted registry and consider pinning or using a lockfile if reproducible dependency provenance matters.

What this means

Running the CLI will read the input file you provide and print the processed page content as JSON.

Why it was flagged

When used as a CLI, the included Node script reads the user-supplied web_fetch JSON file or stdin and processes it locally. This execution is disclosed and scoped to the wrapper's purpose.

Skill content

const webFetchResult = args.input ? JSON.parse(fs.readFileSync(args.input, "utf8")) : readJsonFromStdin();

Recommendation

Run it only with intended web_fetch payload files and inspect the output before feeding it into downstream agent logic.