Markdown Formatter
Pass
Audited by ClawScan on May 1, 2026.
Overview
The visible artifacts describe a local markdown formatter with no credentials, network access, or persistence, but its batch mode can read user-specified files.
This appears safe for normal markdown formatting. Only pass files you intend the formatter to read, and review the formatted result before using it to replace important documents.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is given the wrong path, it could read a non-markdown or sensitive local file and return its contents as formatted output.
The batch tool reads every caller-supplied local file path. That is expected for a batch markdown formatter, but the code does not visibly restrict paths to markdown extensions or a specific workspace.
for (const filePath of markdownFiles) { ... const content = fs.readFileSync(filePath, 'utf8');
Use batch mode only with explicit markdown file paths you trust, and review any formatted output before copying it back into files.
