Peekmd

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Peekmd is a coherent instruction-only skill for publishing markdown as shareable web pages, with disclosed external sharing and optional paid credential flows that users should control.

Use Peekmd for non-sensitive markdown or content you intentionally want to share. Before creating a link, confirm the content is safe for an external service, choose a short TTL when possible, burn pages when finished, and only use Stripe/x402 paid flows with explicit approval.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Private notes, secrets, customer data, or internal reports included in the markdown could be exposed through the external service or shared link.

Why it was flagged

The core workflow sends user-provided markdown to an external provider and makes it available through a shareable URL.

Skill content

`POST /api/create` ... `markdown` ... `GET /:slug` Returns the rendered HTML page. Share this URL directly.

Recommendation

Use it only for content that is safe to share externally, remove secrets before posting, and prefer short TTLs or the burn endpoint for temporary handoffs.

ASI03: Identity and Privilege Abuse
Medium
What this means

If a paid tier is used, API keys or payment receipts could authorize charges or paid page creation.

Why it was flagged

The skill documents optional paid tiers that use bearer API keys and crypto payment receipts.

Skill content

`Authorization: Bearer sk_...` ... `$0.001-$0.01/page` ... `X-PAYMENT` header ... `0.01 USDC/page`

Recommendation

Require explicit user approval before using any paid tier, keep API keys out of markdown content, and monitor usage for the paid account.

ASI08: Cascading Failures
Low
What this means

A mistakenly shared page could remain available longer than intended if a long or permanent TTL is chosen.

Why it was flagged

The service supports temporary sharing and deletion, but also documents a permanent TTL option.

Skill content

`ttl` ... `0 = permanent` ... `POST /api/burn/:slug` Delete a page immediately.

Recommendation

Use the shortest practical TTL for previews and call the burn endpoint when the shared page is no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less registry-level provenance information for verifying the service operator before sending data or using paid features.

Why it was flagged

The registry metadata does not provide source or homepage provenance, although the skill text points to peekmd.dev and no local code is installed.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the peekmd.dev service and pricing independently before sending sensitive content or payment credentials.