Skillv1.0.0

VirusTotal security

Markdown to Page · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 29, 2026, 5:36 AM

Hash: 6093e116ff59741082914fe6f31615f5e1b78809cd0bdcf4773eb49b6ee53d94
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: md-to-page Version: 1.0.0 The skill bundle provides a Markdown-to-HTML converter with advanced visual components, but it contains significant security vulnerabilities in 'scripts/md_to_page.py'. Specifically, the 'embed_images_in_md' function is vulnerable to path traversal, allowing it to read and encode arbitrary local files (e.g., via '![alt](/etc/passwd)') into the output HTML as base64 data. Additionally, the custom Markdown parser in 'inline_md' fails to sanitize link text, creating a cross-site scripting (XSS) risk in the generated documents.
External report: View on VirusTotal