ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown to Page

v1.0.0

Convert Markdown files into styled, scrollable wide-screen HTML pages with dark/light themes, animations, and rich directive components for web articles.

0· 284·0 current·0 all-time
by@lz-web3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script and SKILL.md: the tool converts markdown to styled HTML, supports directive blocks, and optionally embeds/compresses local images. No unexplained credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run the included Python script on an input .md and output an .html file. The script will read the input markdown and any local files referenced by image links (relative to the input file). It does not contact external endpoints. Be aware the generated HTML may include raw HTML from the Markdown and thus can contain active script/content if the input includes it.
Install Mechanism
No install spec is provided (instruction-only with an included script). Nothing is downloaded from external URLs; code is bundled with the skill. This is low install risk.
Credentials
The skill requires no environment variables, credentials, or system config paths. The only filesystem access performed is reading the input Markdown and any local image files referenced by it (expected for image embedding).
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it runs a bundled Python script to convert a Markdown file to HTML. Before installing or running it, consider: (1) The script will read any local files referenced by image links in the Markdown (including absolute paths) and embed their bytes into the output when --embed-images is used — do not run it on untrusted Markdown that points to sensitive local files. (2) The generated HTML may include raw HTML from the input and can therefore execute scripts when opened in a browser; avoid opening/sharing output created from untrusted sources. (3) Pillow is optional; if missing the script will fall back to base64-encoding raw bytes. If you want extra safety, review the included scripts/md_to_page.py source locally and run it on trusted files only.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbcf1rmrj6p52840kt9mfq982najy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments