Skill v1.0.0
ClawScan security
Markdown Formatter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 8:57 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This package is a local markdown formatter that requests no credentials and its behavior matches its description, but the shipped code contains multiple bugs and quality issues you should review before running it on sensitive data or in production.
- Guidance: This skill appears to be what it claims (a markdown formatter) and does not request credentials or external network access, but the shipped code contains numerous programming errors and questionable regex/logic that could cause crashes or incorrect formatting. Before installing or running it:
  - Review and fix the code locally (notably STYLE_GUIDES object syntax errors, undefined variables like opts in fixListMarkers, malformed regexes and replacement logic). The package as-is may fail at runtime.
  - Run the included test.js in a sandbox/container to observe behavior.
  - Do not pass sensitive system file paths to formatBatch unless you trust the skill; it will read any file the process has permission to read. Consider limiting file paths or running formatting only on files you explicitly supply.
  - Because the repository/source is unknown, prefer running it in an isolated environment and consider obtaining the package from a trusted upstream repository (or replacing it with a well-known formatter like Prettier or remark) if you need production use.

  Confidence is medium: intent is clear and coherent, but code quality issues reduce confidence that the implementation is safe to run without review.
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md, README and the code all describe a markdown formatter/linter that accepts markdown text or file paths and returns formatted text. The functions formatMarkdown, formatBatch and lintMarkdown match the declared purpose and there are no extra services, credentials or unrelated dependencies requested.
- Instruction Scope (note): SKILL.md instructs the agent to read and format files (formatBatch accepts file paths). The code reads files via fs.readFileSync (expected for a batch file formatter). However, SKILL.md does not constrain which paths may be passed, so the skill — if invoked with arbitrary paths — can read any file the agent process has permission to read. Also, SKILL.md does not limit network activity (there is none in the code), nor does it request additional environment/context.
- Install Mechanism (ok): There is no install spec; this is instruction-plus-local-code only. Nothing is downloaded from remote URLs during install, and no install-time actions are specified in the bundle.
- Credentials (ok): The skill declares no required environment variables, no credentials and no config paths. The code only uses core node modules (fs, path) and local config.json — this is proportionate for a local formatter.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable; it does not ask to be always-enabled. The default ability for the agent to invoke the skill autonomously is unchanged (disable-model-invocation: false) — this is the platform default and not, by itself, a red flag. Be aware that autonomous invocation + functions that read filesystem paths can be used to access local files if the agent decides to call the skill with sensitive paths.
