Web Page Markdown Content API
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it claims, but it passes the JustOneAPI token on the command line, where it may be exposed locally.
Review the token-handling issue before installing. If you use this skill, run it only in a trusted environment, avoid private URLs unless you intend to send them to JustOneAPI, and prefer an updated version that does not put the API token in command-line arguments.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your JustOneAPI token could be exposed on the local machine even though the API call itself is purpose-aligned.
This invocation expands the API token into a command-line argument for the Node helper. Command-line arguments can be visible to local process monitors, other users on shared systems, or execution logs.
node {baseDir}/bin/run.mjs --operation "markdownV1" --token "$JUST_ONE_API_TOKEN" --params-json '{"url":"<url>"}'
Use only on trusted machines, prefer a helper that reads JUST_ONE_API_TOKEN directly from the environment or stdin, and rotate the token if you suspect it was exposed.
