Skill v1.2.0
ClawScan security
Markdown Viewer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 20, 2026, 9:25 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions align with a local markdown viewer; nothing obvious is asking for unrelated credentials or system-wide access, but installing the npm package (and the server's ability to read arbitrary local file paths) are the main areas to review before use.
- Guidance: This appears to be what it says: a local markdown viewer implemented as an npm package. Before installing: (1) review the npm package/source (GitHub link in SKILL.md) to verify there are no unexpected behaviors or dependencies; (2) run it without elevated privileges and consider using --root to restrict filesystem access in shared environments; (3) avoid using it to open arbitrary system-sensitive paths (secrets, config files); and (4) remember installing from npm fetches code from the network — if you need stronger assurance, audit the package code or run it in a sandboxed environment.
Review Dimensions
- Purpose & Capability
- ok: Name/description (live markdown viewer) match the declared needs: Node (to run mdview) and curl (used in the quick-start check). The SKILL.md includes an npm install target and an mdview binary, which is coherent with the stated purpose.
- Instruction Scope
- note: Instructions stay within the viewer's purpose (install npm package, run local server, open /view?path=/absolute/path/to/file.md). Be aware the server reads arbitrary filesystem paths via the path query parameter — that's expected for a viewer but also means the agent or user could open sensitive files. The SKILL.md notes --root to limit access; it doesn't enforce it automatically.
- Install Mechanism
- note: Although this is an instruction-only skill with no shipped code, it tells the user to install @wipcomputer/markdown-viewer from the public npm registry. Installing a global npm package downloads and places code on disk (supply-chain risk). The SKILL.md's claim of "Zero npm dependencies" and "Zero external requests" is slightly misleading because installing the package requires fetching it from npm.
- Credentials
- ok: The skill requests no environment variables or credentials. The only privilege it needs is filesystem read access to the markdown files whose paths the user supplies; that is proportionate to a viewer but worth noting because absolute paths can point to sensitive files.
- Persistence & Privilege
- ok: The skill is not always-enabled, does not request elevated persistence, and the server runs only while the user starts it (SKILL.md says it does not survive reboots). Default autonomous invocation is allowed by platform policy but is not in itself a red flag here.
