Markdown Editor With Chat

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly coherent for a local markdown editor, but its file path protection appears weak enough that crafted requests may escape the intended markdown folder.

Review this skill before installing. If you use it, point MARKDOWN_DIR at a dedicated non-sensitive folder, keep HOST at 127.0.0.1, and enable the gateway token only when needed. The path traversal check should be fixed before trusting it with broad or sensitive markdown directories.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted local request could potentially list, read, or save markdown files outside the folder the user intended to expose.

Why it was flagged

The filesystem boundary is enforced with a raw string-prefix check on the resolved path. A sibling directory whose path starts with the same characters as MARKDOWN_DIR (for example, a "notes-backup" folder next to a "notes" folder) passes this style of check because no separator is required after the prefix, which weakens the advertised path-traversal protection.

Skill content

    const resolved = path.resolve(MARKDOWN_DIR, requestedPath);
    if (!resolved.startsWith(path.resolve(MARKDOWN_DIR))) {
      return null;
    }
Recommendation

Fix safePath to compare canonical paths with path.relative and reject absolute paths, '..' traversal, and separator-confused prefixes. Until fixed, use a dedicated non-sensitive MARKDOWN_DIR and keep the server bound to 127.0.0.1.

What this means

If chat is enabled, anyone who can reach the local server's chat endpoint may be able to make gateway-backed chat requests through the configured token.

Why it was flagged

The skill reads an OpenClaw gateway token from the environment and uses it as a Bearer token for chat requests. This is disclosed and purpose-aligned, but it is still delegated account/service authority.

Skill content

    const GATEWAY_TOKEN = process.env.OPENCLAW_GATEWAY_TOKEN || '';
    ...
    'Authorization': `Bearer ${GATEWAY_TOKEN}`
Recommendation

Use a limited gateway token, keep the server on localhost unless you intentionally trust the network, and unset the token when chat is not needed.

What this means

Text you send to the chat panel, and any document content you paste into it, may be processed by the configured gateway.

Why it was flagged

Chat messages are proxied to the configured OpenClaw gateway. This is expected for the optional chat feature, but it means chat content leaves the editor process and is sent to that gateway.

Skill content

    body: JSON.stringify({ model: 'default', messages, stream: false })
Recommendation

Only configure a trusted gateway URL and avoid sending sensitive markdown content unless that gateway is appropriate for it.