Back to skill
Skillv1.0.0
ClawScan security
Markdown to Feishu Post · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMay 1, 2026, 7:57 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5.5
- Summary
- This skill appears to be a straightforward local Markdown-to-Feishu JSON converter with no evidence of credential use, network access, persistence, or hidden behavior.
- Guidance
- This appears safe to use for local Markdown conversion. Review the generated Feishu JSON before sending it, especially if the Markdown includes links, images, or @mentions such as @all.
Review Dimensions
- Purpose & Capability
- okThe stated purpose is to convert Markdown into Feishu Post JSON, and the visible script content aligns with parsing Markdown elements and producing JSON.
- Instruction Scope
- okThe usage instructions are user-directed command examples for converting direct text or a specified file; they do not instruct autonomous posting, credential use, or destructive actions.
- Install Mechanism
- okThere is no install spec and no package installation shown; the skill uses a bundled Python script invoked from the command line.
- Credentials
- okNo environment variables, credentials, required config paths, external services, or broad local access are requested; optional file input is consistent with Markdown conversion.
- Persistence & Privilege
- okThe artifacts do not show persistence, background execution, privilege escalation, account access, or ongoing agent behavior.